playing with 9.9.2b1 and ECDSA

Tony Finch dot at dotat.at
Wed Aug 15 19:23:20 UTC 2012


Is automatic signing with ECDSA supposed to work yet? I ran:

$ dnssec-keygen -a ECDSAP256SHA256 -f KSK fanf2.ucam.org
Generating key pair.
Kfanf2.ucam.org.+013+03356
$ dnssec-keygen -a ECDSAP256SHA256  fanf2.ucam.org
Generating key pair.
Kfanf2.ucam.org.+013+63927
$ chmod g+r K*
$ rndc loadkeys fanf2.ucam.org

And BIND said:

15-Aug-2012 19:56:31.942 general: info: received control channel command 'loadkeys fanf2.ucam.org'
15-Aug-2012 19:56:31.954 general: info: zone fanf2.ucam.org/IN: reconfiguring zone keys
15-Aug-2012 19:56:31.969 general: error: zone fanf2.ucam.org/IN: update_sigs:add_sigs -> sign failure
(blank line)
15-Aug-2012 19:56:31.970 general: error: zone fanf2.ucam.org/IN: sign_apex:update_sigs -> sign failure
(blank line)

dnssec-signzone appears to work.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Thames, Dover, Wight: South or southwest 4 or 5, increasing 6 at times,
backing southeast later, 3 or 4. Slight or moderate, occasionally rough in
Wight. Showers. Moderate or good.



More information about the bind-users mailing list