DNSSEC auto-dnssec issue bind-9.7.2-P3

Zbigniew Jasiński szopen at nask.pl
Wed Jan 19 14:59:14 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

W dniu 2011-01-19 14:24, Kalman Feher pisze:
> Try without +short ;)
> I also have the habit of using that and can get caught out. Remember that
> +short only includes the answer, which is not the RRSIG you are hoping to
> see.
> 

RRSIG is _the_ answer like normal DNS record in this particular case
it's also included in answer section and +short it isn't an issue here.
of course I'm asking for DNSKEY record but with DO bit I should get also
signatures for this record set.

like i wrote in my previous email I've checked the journal file and
there are updates with RRSIG records but still named is returning
answers without signatures

check this out:

$ dig @c.ns.nic.cz cz dnskey +dnssec +short
256 3 10 BQEAAAABxBm6EoG5NZcdHB1TXkvEemtWUJfoveCAUpGHIHy7wzKMCdTI
kEqs/n6tuGtaKsGDPwdJEy01U6uvg35Vz6fpmsIkjWcmS2TXKoBuNdsq
/AN1EBpo58v1jrt1BfST3ZyHiOJsK8jg2kQwca9Pk79rqGpR5QcWGKDa oSr3vYSVJ60=
257 3 10 AwEAAaVU8EMQrZ6Tix2zBaAmizMQ7W0m94qSJUXV4eVWS9ZpXh9t1uj8
U/B5Nnqge4G0Te0/NJIqflihZKXs8HyhJqjF852RKnvNWPu2wMujYjHP
0T4lIhu4rTym9+sPNsfioqvMyyDeqyhVPx21nvLW5oaKjaLd3XJxijRb
DTddRU97mJVVS50PKdDmh5n/4KdRKV7ifR2Ap8L1bvUiCOxl4GAqLoXf
t+L896bkVj6mefdCSyYaCbgsDc2+10ZBOSF1t89NJ6O1yO+y5/7vS3dY
KEqj+p4ygaCY0spvrhZxncUeASixg224bNYZM5TLk2/YoKgAEjaIoCwu 7SAXB5iUvLU=
DNSKEY 10 1 3600 20110130131945 20110118153609 14568 cz.
SllgVFaBLBuzosgOJKPGh76zOv3DghocSvpSCaX0yQ5WonDDqqU+AIAt
ornhLs3EKI4a0Ofj3LCHY/Z450+5KSlbL/XguONvSMntHeKuM/J2oaYM
veHr75jTzRDaRxNmByI4S3Qrg5hLRE/VF8qsQn04+L/1aGcIGk0PVwnG
A0gn2mR4dzLUMgiNz6DJYsWfhRsjWF5WeQ+yfVkDVWZqTYJyIcchHvSX
0vrrcJkOi2jSmzqGH8NtvCJ4fMRiuLBde8HC8pZC5PAYiO8g6lhrHC6+
xquXs+ybPMc8J+p++f7hB95dDMHDIuOHjQjvfOZxF/IgqL1KxFb7w2GE 9RCbXQ==
DNSKEY 10 1 3600 20110131234224 20110118153609 34702 cz.
ACjlQpDb38se9p+enPG2KbxEjrBnfGdjYdZHSco4Ldc9EfnK67XLXvun
ThUa0g+logqUJCr9NhHdd+UMaOua8vdRAe2yKyLsJzvQcKnM29b4Qfd5
fVauLa3TA9ZyPjhZgBbCmQFjKOiYW6XcYwjsOO3JUCEMEbPHmzzkhOnh Wso=

2 keys, 2 signatures.

- -- 
regards

zbigniew jasinski
[SYStem OPerator]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNNvxCAAoJEH26UYiRhe/gKcMP/10+YCk9RLCyEZa/n6wlfHYa
VlBgfNqixzZo4jMegpY65Te2ULRzq/gXzcqbTlgt249ZOuRgbxDN4ewe7qzF81aX
ElElCVyZLzUhUnCsPd0nQPADQJ2OoNQbm2Dkj9VuFaIEHgNYxXYtDde4gUyZkEE8
CUAU2W/XsolpUi7HLkwDOuoTLK/MW5ubb/9ocjjDquMOqjAoQeQNWjlVdXzAUBhc
zZ+x+WNzwGXYFh9VmqgE8iKc/YK8hLPfAkbUdVjKCNonPJpspXyI57jOQXjsfeF0
gpPjBPGe2DwV+vPAiwRQFRBut0W7L6jHjGSy+LuecHuJIEj2x2DI0YXgd1TiaJQW
yQSkVRkshxW7/3znhgl63jKgBAVcN2btEGil3F8BaFp5+Wvyk8ZAJFUEFvOEgCTW
HSy2y4QgmPTkMNtxSZU89Jjij74uGBhUTrUVWsLY7JuXmWMCwE26usIEhFmiP2mo
0JCOdd3Za+CKvEAGAey09TWZdDUVD0A1dyeBcrvVN3BbaxlNV2R1bdx0NvIJdB8n
Q9I2zOjJwztH06d2b+id6bU+8hXlg3Se/1igJl9inSC7jI1SqH1zm8XG237954y5
ju0kWePfr10MgvSEBFaZ4FWAsA+NxSBXxRnKluOlD1Iasmy9oquReK3ha4fNsA0h
SCnoMIVGVmueKrp0/f5a
=ncpB
-----END PGP SIGNATURE-----




More information about the bind-users mailing list