Dnssec zone signing problem

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu May 20 19:26:19 UTC 2010

On Thu, May 20, 2010 at 12:10:53PM -0700, itservices88 <itservices88 at gmail.com> wrote a message of 92 lines which said:

> # dnssec-signzone -N INCREMENT mydomain.org
> Verifying the zone using the following algorithms: RSASHA1.
> Missing RSASHA1 signature for . NSEC
> The zone is not fully signed for the following algorithms: RSASHA1.
> dnssec-signzone: fatal: DNSSEC completeness test failed.

I do not find these error messages in BIND source code. Are you sure
you use the pristine dnssec-signzone and not, say, a local custom

(dnssec-signzone is supposed to sign the zone, not to check that it is

