DNSSEC signing issues

Security Admin (NetSec) secadmin at netsecdesign.com
Fri Apr 22 02:20:51 UTC 2011


I am running BIND 9.4.2-P2 on OpenBSD v4.8

I have created the ZSK and KSK and added the keys to my zonefile "mydomain.hosts"  using the "cat" command to append to the end of the host file.

When attempting to use the following command "dnssec-signzone -N INCREMENT mydomain.hosts" I get the following error:

dnssec-signzone: error: dns_master_load: mydomain.hosts:15: mydomain.com: not at top of zone
dnssec-signzone: failed loading zone from ' mydomain.hosts': not at top of zone

I own this domain and the DNS servers associated with them.  Line 15 referenced in the above error is an MX record within the host file. I am unsure how to debug this error.  Any help would be appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110421/f07974b2/attachment.html>


More information about the bind-users mailing list