DNSSEC Generating Zone Key hanging
Damian Myerscough
damian.myerscough at gmail.com
Sun Apr 22 15:31:33 UTC 2012
Thanks a lot, I have now resolved this issue. However, I was following
the DNSSEC in 6 minutes guide [1]
for learning purposes and I have followed all the steps up to "you are now
serving DNSSEC signed zones".
However, I seem to be getting the following errors
Apr 22 15:22:43 darkstar named[29917]: zone
theunsupported.co.uk.signed/IN/trusted: sending notifies (serial 2012031202)
Apr 22 15:22:43 darkstar named[29917]: zone
theunsupported.co.uk.signed/IN/global: sending notifies (serial 2012031202)
Apr 22 15:22:43 darkstar named[29917]: lame server resolving '
ns2.theunsupported.co.uk' (in 'theunsupported.co.uk'?): 174.143.56.179#53
Apr 22 15:22:43 darkstar named[29917]: error (unexpected RCODE REFUSED)
resolving 'ns2.theunsupported.co.uk/A/IN': 50.56.249.94#53
Apr 22 15:22:43 darkstar named[29917]: lame server resolving '
ns2.theunsupported.co.uk' (in 'theunsupported.co.uk'?): 174.143.56.179#53
Apr 22 15:22:43 darkstar named[29917]: error (unexpected RCODE REFUSED)
resolving 'ns2.theunsupported.co.uk/A/IN': 50.56.249.94#53
Apr 22 15:22:43 darkstar named[29917]: error (unexpected RCODE REFUSED)
resolving 'ns2.theunsupported.co.uk/AAAA/IN': 50.56.249.94#53
Apr 22 15:22:43 darkstar named[29917]: lame server resolving '
ns2.theunsupported.co.uk' (in 'theunsupported.co.uk'?): 174.143.56.179#53
Apr 22 15:22:43 darkstar named[29917]: lame server resolving '
ns2.theunsupported.co.uk' (in 'theunsupported.co.uk'?): 174.143.56.179#53
Apr 22 15:22:43 darkstar named[29917]: error (unexpected RCODE REFUSED)
resolving 'ns2.theunsupported.co.uk/AAAA/IN': 50.56.249.94#53
When I use the signed zone my views also seem to break... Any idea on this?
[1] http://www.isc.org/files/DNSSEC_in_6_minutes.pdf
On 22 April 2012 12:40, Spain, Dr. Jeffry A. <spainj at countryday.net> wrote:
> > I was setting up BIND DNSSEC and when I issue the following command the
> process never finishes.
> > dnssec-keygen -a RSASHA1 -b 1024 -n ZONE example.com
>
> Take a look at the Entropy Key (http://www.entropykey.co.uk/). See also a
> discussion (http://jpmens.net/2012/01/24/entropy-random-data-for-dnssec/)
> by a frequent poster to this forum.
>
> Jeffry A. Spain
> Network Administrator
> Cincinnati Country Day School
>
>
--
Regards,
Damian Myerscough
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120422/e5c81efb/attachment.html>
More information about the bind-users
mailing list