named-checkzone error "NSEC node already exists"

jim glass4545 at
Mon Dec 6 20:36:15 UTC 2010


Running BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6

New setup/install and attempting to set up DNSSEC and clean any dirty data.
Got the zone signed and ran named-checkzone against it and got the following
(11) times:
     addnode: NSEC node already exists
The .signed loads but want to have clean before going live and not sure how
to narrow down where these eleven duplicates are coming from?
See these repeated eleven times in debug.log for each start of named,
running debug of 3
   06-Dec-2010 14:43:39.266 database: warning: addnode: NSEC node already

Sorry, some more stupid questions on DNSSEC that I'm just confused about.

1) Do I sign my zone just like my

   # dnssec-keygen -r /dev/urandom
   # dnssec-keygen -f KSK -r /dev/urandom
   # named-checkzone -t /var/named
      runs OK
   # dnssec-signzone -g -k -o

2) After I have my island of security set up and working, register the KSK
public key with EDUCAUSE, correct?

3) After registered with EDUCAUSE should I stop reading in

