DNSSEC auto-dnssec issue bind-9.7.2-P3
Zbigniew Jasiński
szopen at nask.pl
Fri Jan 21 08:13:34 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
W dniu 2011-01-19 18:38, Hauke Lampe pisze:
> Another thing you might check:
>
> With "dnssec-enable no;" in named.conf, BIND still does its automatic
> DNSSEC signing but won't add RRSIG to responses.
>
> I ran across such a configuration lately. Your problem sounds similar.
>
>
> Hauke.
that was first thing which I've checked:
dnssec-enable yes;
and it's of course enabled.
I see in journal file:
./sbin/named-journalprint var/zone/example.jnl
add example. 3600 IN RRSIG DNSKEY 10 1 3600
20110218225336 20110119215336 57635 example.
Xo9o137Q4BmELA0wumTLujJkHq0b/tDbYvuFCfZDfcbp8cuutDJUxCPy
<CUT>
add example. 3600 IN RRSIG DNSKEY 10 1 3600
20110218225336 20110119215336 57636 example.
SfFa5xjRtb/VBm3Zv1j31VRlqJORM0laX1PuZ+Asi6IFutH4q5TeknYN
<CUT>
add example. 3600 IN RRSIG SOA 10 1 3600
20110218225336 20110119215336 57635 example.
wYZ/nZbnN6HGrWTDLkfbyW4dQGMVs1ZVY+r8zc9t92ykxu7ipycxnITW
<CUT>
also RRSIG for SOA record and for DNSKEY records are present in plain
zone file but still named isn't responding with correct signatures.
- --
regards
zbigniew jasinski
[SYStem OPerator]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJNOUAtAAoJEH26UYiRhe/goMcP/i5MLxBFh8+Fl2R2oqIKdRR1
ntBcfXBK1niJmlDpFzGu97gXNxoofk/bWVEhb+eo/e4+ln8bSuOiKVV5PQJ8zq1t
ke5jCIw7iRdBQgMcZNHQCWcI1lCWnPc0SxcCtw6u2ZItfFxqwANwFJw0oXwX/C8i
iVGflBdSUI9G/MGIaCsiwBdNBZnVhgrVz5F3KHXKC6aH49HI9kieXqz8v9pczcGR
xoy/RRrgObvb8N4jz2GA+fq8thFoKzZkoWLWG/5eE9uYd8oY3wLHIoAt0jBfGXOR
UXrFQ1QDqjUdotb3ovUGH2NH1NpWnITYm9gDWqEo3egaLpQU6itc2z57BNkuIkPS
qn3m2rgnEKy+p6flLYNxwyYnrXWVIpti73r+aPpkWQpWptEBcyCIl2su6yLZPv1y
R7ioFCualJLOWWqio9w5hQeRUvgrF6w7XBc97PMWgwLSrjHF0XADOWn9IqB4/XgA
agPSo7p8D6mmfpnv9c+q1JVIUEhEqihNs5/c1/dhRRn4SRIucvvzuVlXB/gqVQep
i+Ft2Tq3zgepBOxLGtZQ22o7VoBSWj8tHT6qRDG9qChsOXE054eN+r8xNbJ4rRzu
oASw1n11vm0JAqceMeadCc0Zz2y4WbIJO7jEsPTp9KUHPNwbDmNnMH7pWyHvxS4v
oZD7PbxPnyDpwRerG7zh
=Sp+3
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list