Error to validate the signature of a SIG(0) transaction...

Jim Reid jim at
Fri Dec 31 12:14:47 UTC 2004

>>>>> "Manuel" == Manuel Gil Perez <manuel at> writes:

    Manuel> Hi everyone, I would like to use SIG(0) as mechanism to
    Manuel> publish certificates into my DNS server of secure way
    Manuel> using DNS dynamic update (note: I'm using the last version
    Manuel> of BIND, 9.3.0).

    Manuel> The request is generated and sent successfully but I
    Manuel> obtain a SERVFAIL from the server:

    Manuel> Reviewing the log files the server returns the following
    Manuel> error: <<request has invalid signature: not verified yet
    Manuel> (NOERROR)>>.

    Manuel> Is BIND qualified to verify SIG(0) signatures??

Of course. If it didn't what would be the point of supporting SIG(0)?

Turn up the name server's DNSSEC debugging if you want to know why the
verification failed. My guess is the key you've used isn't known to
the server. If you post the actual files -- don't edit anything! --
someone might be able to debug them.

More information about the bind-users mailing list