Problem with 9.6.2-p1
Chris Thompson
cet1 at cam.ac.uk
Wed Apr 7 16:52:19 UTC 2010
On Apr 6 2010, Daniel Ryslink wrote:
>
>By the way, similar problem occurs in 9.6.2-p1. According to changelog,
>support for RSA/SHA-256 (algorithm number 8 in dnssec-related
>records) was backported into 9.6.2 from 9.7 (and indeed, 9.6.2 has no
>problems with the TLDs recently signed with keys using RSA/SHA-256)
>
>However, after upgrading to 9.6.2-p1, these very records are rejected by
>the nameserver:
>
>29-Mar-2010 09:33:59.371 config: error: itar.key:3: configuring trusted
>key for 'ARPA.': algorithm is unsupported
>
>Evidently, the RSA/SHA-256 support was removed from p1, but why? (...
>accident?).
I can't reproduce this at all. I tried adding a trust anchor for
"uk" (which uses algorithm 8, and is not in dlv.isc.org) to a test
server running 9.6.2-P1. No config error as above, and (after a
bit of cache flushing) it validates records from "uk" fine ("ad" bit
set, etc.).
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list