playing with 9.9.2b1 and ECDSA

Tony Finch dot at
Wed Aug 15 19:23:20 UTC 2012

Is automatic signing with ECDSA supposed to work yet? I ran:

$ dnssec-keygen -a ECDSAP256SHA256 -f KSK
Generating key pair.
$ dnssec-keygen -a ECDSAP256SHA256
Generating key pair.
$ chmod g+r K*
$ rndc loadkeys

And BIND said:

15-Aug-2012 19:56:31.942 general: info: received control channel command 'loadkeys'
15-Aug-2012 19:56:31.954 general: info: zone reconfiguring zone keys
15-Aug-2012 19:56:31.969 general: error: zone update_sigs:add_sigs -> sign failure
(blank line)
15-Aug-2012 19:56:31.970 general: error: zone sign_apex:update_sigs -> sign failure
(blank line)

dnssec-signzone appears to work.

f.anthony.n.finch  <dot at>
Thames, Dover, Wight: South or southwest 4 or 5, increasing 6 at times,
backing southeast later, 3 or 4. Slight or moderate, occasionally rough in
Wight. Showers. Moderate or good.

More information about the bind-users mailing list