Dnssec zone signing problem

itservices88 itservices88 at gmail.com
Fri May 21 04:50:04 UTC 2010


Ok. I will open a bug.

Thanks
-dani

On Thu, May 20, 2010 at 8:10 PM, Mark Andrews <marka at isc.org> wrote:

>
> In message <AANLkTil_-LDs5T6SvsfgP6u_9ATKloV2xfoWYOOVsgNj at mail.gmail.com>, itservices88 writes:
> > Hi,
> >
> > I am having a dnssec problem while signing zone:
> >
> > # dnssec-signzone -N INCREMENT mydomain.org
> > Verifying the zone using the following algorithms: RSASHA1.
> > Missing RSASHA1 signature for . NSEC
> > The zone is not fully signed for the following algorithms: RSASHA1.
> > dnssec-signzone: fatal: DNSSEC completeness test failed.
> >
> > What could be wrong ....
> >
> > I have followed these steps:
> >
> > OS = centos 5.4 with bind-9.6.2-3.P1
> >
> > http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
> >
> > dnssec-keygen -a RSASHA1 -b 1024 -n ZONE mydomain.org
> > dnssec-keygen -f KSK -a RSASHA1 -b 2048 -n ZONE mydomain.org
> > cat Kmydomain.org.+005+*.key >> mydomain.org
> > dnssec-signzone -N INCREMENT mydomain.org
>
> I suspect we will need to see the zone and the K* files.  Open a
> bug report with bind9-bugs at isc.org and send the files to see if we
> can reproduce it.
>
> > Under options in named.conf
>
> named.conf will have no effect on this.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>