Dnssec zone signing problem

itservices88 itservices88 at gmail.com
Thu May 20 22:30:03 UTC 2010


No local script. I am using snssec-signzone that cam with the installation:

# dnssec-signzone --help
Version: 9.6.2-P1-RedHat-9.6.2-3.P1

On Thu, May 20, 2010 at 12:26 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr>wrote:

> On Thu, May 20, 2010 at 12:10:53PM -0700,
>  itservices88 <itservices88 at gmail.com> wrote
>  a message of 92 lines which said:
>
> > # dnssec-signzone -N INCREMENT mydomain.org
> > Verifying the zone using the following algorithms: RSASHA1.
> > Missing RSASHA1 signature for . NSEC
> > The zone is not fully signed for the following algorithms: RSASHA1.
> > dnssec-signzone: fatal: DNSSEC completeness test failed.
>
> I do not find these error messages in BIND source code. Are you sure
> you use the pristine dnssec-signzone and not, say, a local custom
> script?
>
> (dnssec-signzone is supposed to sign the zone, not to check that it is
> signed.)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100520/66b4f9f3/attachment.html>


More information about the bind-users mailing list