Dnssec zone signing problem
itservices88 at gmail.com
Fri May 21 04:50:04 UTC 2010
Ok. I will open a bug.
On Thu, May 20, 2010 at 8:10 PM, Mark Andrews <marka at isc.org> wrote:
> In message <AANLkTil_-LDs5T6SvsfgP6u_9ATKloV2xfoWYOOVsgNj at mail.gmail.com>,
> rvices88 writes:
> > Hi,
> > I am having a dnssec problem while signing zone:
> > # dnssec-signzone -N INCREMENT mydomain.org
> > Verifying the zone using the following algorithms: RSASHA1.
> > Missing RSASHA1 signature for . NSEC
> > The zone is not fully signed for the following algorithms: RSASHA1.
> > dnssec-signzone: fatal: DNSSEC completeness test failed.
> > What could be wrong ....
> > I have followed these steps:
> > OS = centos 5.4 with bind-9.6.2-3.P1
> > ssec-nsec3-support/
> > dnssec-keygen -a RSASHA1 -b 1024 -n ZONE mydomain.org
> > dnssec-keygen -f KSK -a RSASHA1 -b 2048 -n ZONE mydomain.org
> > cat Kmydomain.org.+005+*.key >> mydomain.org
> > dnssec-signzone -N INCREMENT mydomain.org
> I suspect we will need to see the zone and the K* files. Open a
> bug report with bind9-bugs at isc.org and send the files to see if we
> can reproduce it.
> > Under options in named.conf
> named.conf will have no effect on this.
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users