Dnssec zone signing problem
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu May 20 19:26:19 UTC 2010
On Thu, May 20, 2010 at 12:10:53PM -0700,
itservices88 <itservices88 at gmail.com> wrote
a message of 92 lines which said:
> # dnssec-signzone -N INCREMENT mydomain.org
> Verifying the zone using the following algorithms: RSASHA1.
> Missing RSASHA1 signature for . NSEC
> The zone is not fully signed for the following algorithms: RSASHA1.
> dnssec-signzone: fatal: DNSSEC completeness test failed.
I do not find these error messages in BIND source code. Are you sure
you use the pristine dnssec-signzone and not, say, a local custom
script?
(dnssec-signzone is supposed to sign the zone, not to check that it is
signed.)
More information about the bind-users
mailing list