bug using dnssec tools
Mark Andrews
Mark_Andrews at isc.org
Tue Sep 26 22:15:23 UTC 2006
You don't use dnssec-makekeyset with the new DNSSEC protocol.
When you sign the zone dnssec-signzone will create a dsset
file (dsset-<zonename>) containing the DS records. These
are passed to your parent.
Mark
> Hi,
> I experiment some problems setting up the DNSsec.
> I'm able to generate keys with dnssec-keygen and I get both public and
> private key.
>
> Then I want to generate a keyset but what I get is :
> [root at machine named]# dnssec-makekeyset -t 172800 Ktest.+001+33062.key
> hash.c:383: INSIST(hash != ((void *)0) && ((((hash)) != ((void *)0)) &&
> (((const isc__magic_t *)((hash)))->magic == ((('H') << 24 | ('a') << 16
> | ('s') << 8 | ('h')))))) failed.
> Abandon
>
> Is this a bug or I'm doing something wrong ?
>
> My system is Linux 2.6.11-1.1369_FC4
>
> Here are my keys :
> _____________________________________________________________________________
> __
> Ktest.+001+33062.key :
> test. IN DNSKEY 256 3 1
AQOuttaZR8SRrUFOvtBPJc5gMlUu7igp4HybgmwpNIgw+28Jvw9cvBVg
> Y6gpPIrgC+8OfFVpzSKtfxEfSKtUgSb1
> _____________________________________________________________________________
> __
> Ktest.+001+33062.private :
> Private-key-format: v1.2
> Algorithm: 1 (RSA)
> Modulus:
> rrbWmUfEka1BTr7QTyXOYDJVLu4oKeB8m4JsKTSIMPtvCb8PXLwVYGOoKTyK4AvvDnxVac0irX8RH
> 0irVIEm9Q==
> PublicExponent: Aw==
> PrivateExponent:
> dHnkZi/YYR4ridSK326JlXbjdJ7FcUBTElbyxiMFdfvar3/pwbdB6WZfSNmVlI2KQu0hTa9xwCszM
> llW7rgtaw==
> Prime1: 1j0kuDejqAxOJJ4FHxB90xPbwLwd13yi11nirbIi8h0=
> Prime2: 0MVaeIKFinX79J3xC3C5zJY84rkoIJCbbPnf+zxJ8Lk=
> Exponent1: jtNt0CUXxV2Jbb6uFLWpN2KSgH1pOlMXOjvsc8wXTBM=
> Exponent2: iy48UFcDsaP9Tb6gsksmiGQolyYawGBnnfvqp32GoHs=
> Coefficient: aEz2FP82qYnc8RhwkO5t7EnqFlgns8X6bBWQOzm6u7k=
>
>
--
ISC Training! October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP. Email training at isc.org.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list