Error to validate the signature of a SIG(0) transaction...
jim at rfc1035.com
Fri Dec 31 12:14:47 UTC 2004
>>>>> "Manuel" == Manuel Gil Perez <manuel at dif.um.es> writes:
Manuel> Hi everyone, I would like to use SIG(0) as mechanism to
Manuel> publish certificates into my DNS server of secure way
Manuel> using DNS dynamic update (note: I'm using the last version
Manuel> of BIND, 9.3.0).
Manuel> The request is generated and sent successfully but I
Manuel> obtain a SERVFAIL from the server:
Manuel> Reviewing the log files the server returns the following
Manuel> error: <<request has invalid signature: not verified yet
Manuel> Is BIND qualified to verify SIG(0) signatures??
Of course. If it didn't what would be the point of supporting SIG(0)?
Turn up the name server's DNSSEC debugging if you want to know why the
verification failed. My guess is the key you've used isn't known to
the server. If you post the actual files -- don't edit anything! --
someone might be able to debug them.
More information about the bind-users