DNSSEC with 9.7.2-P2

David Forrest drf at maplepark.com
Fri Nov 12 12:49:52 UTC 2010


While running BIND 9.7.2-P2 built with defaults on F11

While processing:
Nov 12 06:07:57 maplepark sendmail[3928]: oACC7utt003928: 
from=<bind-users-bounces+drf=maplepark.com at lists.isc.org>, size=5486, 
class=-30, nrcpts=1, msgid=<003e01cb8262$1ee2b150$5ca813f0$@com.br>, 
proto=ESMTP, daemon=MTA-v6, relay=webster.isc.org [IPv6:2001:4f8:1:d::12]

I got a DNSSEC notice:
12-Nov-2010 06:07:58.782 dnssec: notice: validating @0x224b3a0: br DNSKEY: 
unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a 
trusted key for 'br'
12-Nov-2010 06:07:58.783 dnssec: notice: validating @0x224b3a0: br DNSKEY: 
please check the 'trusted-keys' for 'br' in named.conf.

and, on checking named.conf, I found the entry for br. as:
trusted-keys {
 	"br." 257 3 5 
"AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJBNmpZXP27w7PMNpyw3XCFQWP/XsT0pdzeEGJ400kdbbPqXr2lnmEtWMjj3Z/ejR8mZbJ/6OWJQ0k/2YOyo6Tiab1NGbGfs513y6dy1hOFpz+peZzGsCmcaCsTAv+DP/wmm+hNx94QqhVx0bmFUiCVUFKU3TS1GP415eykXvYDjNpy6AM="; 
};

The message passed through spamassassin OK and was received OK here.  But 
I am uncertain of my configuration of DNSSEC.

Dave
-- 
David Forrest                   e-mail   drf @ maplepark.com
Maple Park Development Corporation  http://xen.maplepark.com
St. Louis, Missouri    (Sent by ALPINE 2.01 FEDORA 11 LINUX)



More information about the bind-users mailing list