>Hmm... dnssec-signzone (version 9.7.0-P1) seems to work perfectly well:
>
>dnssec-signzone -k Kexample.com.+008+53749.key -N INCREMENT -g -o example.com example.com Kexample.com.+008+41979
>Verifying the zone using the following algorithms: RSASHA256.
>Zone signing complete:
>Algorithm: RSASHA256:
On Fri, 21 May 2010 09:35:31 -0400,
"Sergiu Bivol" wrote:
> We were invoking the dnssec-signzone tool once with each key. We'd
> start by signing with KSK, then sign with ZSK. When we upgraded to
> 9.6.2-P1, dnssec-signzone started failing with errors when signing
> with KSK: ---
We have a similar issue. And this is my understanding of it:
From briefly looking at the source, it seems that as of 9.6.2-P1 the
dnssec-signzone tool performs some additional validation after the
signing is complete.
Previously, it could only verify the signatures it generated, if "-a" is
used
Ok. I will open a bug.
Thanks
-dani
On Thu, May 20, 2010 at 8:10 PM, Mark Andrews wrote:
>
> In message , itservices88 writes:
> > Hi,
> >
> > I am having a dnssec problem while signing zone:
> >
> > # dnssec-signzone -N INCREMENT mydomain.org
> > Verifying the zone using the following alg
In message , itservices88 writes:
> Hi,
>
> I am having a dnssec problem while signing zone:
>
> # dnssec-signzone -N INCREMENT mydomain.org
> Verifying the zone using the following algorithms: RSASHA1.
> Missing RSASHA1 signature for . NSEC
> The zone is not fully signed for the following algo
In message <20100520192619.ga27...@laperouse.bortzmeyer.org>, Stephane Bortzmeyer writes:
> On Thu, May 20, 2010 at 12:10:53PM -0700,
> itservices88 wrote
> a message of 92 lines which said:
>
> > # dnssec-signzone -N INCREMENT mydomain.org
> > Verifying the zone using the following algorith
#named-checkconf -t /var/named/chroot /etc/named.conf
#
# named-checkzone -t /var/named/chroot mydomain.org /etc/named-data/mydomain.org
zone mydomain.org/IN: loaded serial 2010141144
OK
No error in both of the commands.
I am missing something else, maybe.
Thanks
On Thu, May 20, 2010 at 1:04
On Thu, May 20, 2010 at 12:51 PM, Hauke Lampe
> wrote:
> On 05/20/2010 09:10 PM, itservices88 wrote:
>
> > Verifying the zone using the following algorithms: RSASHA1.
> > Missing RSASHA1 signature for . NSEC
>
> You seem to have a record for "." somewhere in your zone file.
>
In named.conf, i ha
No local script. I am using dnssec-signzone that came with the installation:
# dnssec-signzone --help
Version: 9.6.2-P1-RedHat-9.6.2-3.P1
On Thu, May 20, 2010 at 12:26 PM, Stephane Bortzmeyer wrote:
> On Thu, May 20, 2010 at 12:10:53PM -0700,
> itservices88 wrote
> a message of 92 lines which
On 5/20/2010 12:51 PM, Hauke Lampe wrote:
Did you load the unsigned zone into BIND before? It should have logged a
warning about that record.
named-checkzone would be useful here as well.
hth,
Doug
--
... and that's just a little bit of history repeating.
--
On 05/20/2010 09:10 PM, itservices88 wrote:
> Verifying the zone using the following algorithms: RSASHA1.
> Missing RSASHA1 signature for . NSEC
You seem to have a record for "." somewhere in your zone file.
Did you load the unsigned zone into BIND before? It should have logged a
warning about t
On Thu, May 20, 2010 at 12:10:53PM -0700,
itservices88 wrote
a message of 92 lines which said:
> # dnssec-signzone -N INCREMENT mydomain.org
> Verifying the zone using the following algorithms: RSASHA1.
> Missing RSASHA1 signature for . NSEC
> The zone is not fully signed for the following alg
Hi,
I am having a dnssec problem while signing zone:
# dnssec-signzone -N INCREMENT mydomain.org
Verifying the zone using the following algorithms: RSASHA1.
Missing RSASHA1 signature for . NSEC
The zone is not fully signed for the following algorithms: RSASHA1.
dnssec-signzone: fatal: DNSSEC comp