DNSSEC auto-dnssec issue bind-9.7.2-P3

Zbigniew Jasiński szopen at nask.pl
Fri Jan 21 08:13:34 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

W dniu 2011-01-19 18:38, Hauke Lampe pisze:

> Another thing you might check:
> 
> With "dnssec-enable no;" in named.conf, BIND still does its automatic
> DNSSEC signing but won't add RRSIG to responses.
> 
> I ran across such a configuration lately. Your problem sounds similar.
> 
> 
> Hauke.

that was first thing which I've checked:

dnssec-enable yes;

and it's of course enabled.

I see in journal file:

./sbin/named-journalprint var/zone/example.jnl

add example.                 3600    IN      RRSIG   DNSKEY 10 1 3600
20110218225336 20110119215336 57635 example.
Xo9o137Q4BmELA0wumTLujJkHq0b/tDbYvuFCfZDfcbp8cuutDJUxCPy
<CUT>
add example.                 3600    IN      RRSIG   DNSKEY 10 1 3600
20110218225336 20110119215336 57636 example.
SfFa5xjRtb/VBm3Zv1j31VRlqJORM0laX1PuZ+Asi6IFutH4q5TeknYN
<CUT>
add example.                 3600    IN      RRSIG   SOA 10 1 3600
20110218225336 20110119215336 57635 example.
wYZ/nZbnN6HGrWTDLkfbyW4dQGMVs1ZVY+r8zc9t92ykxu7ipycxnITW
<CUT>

also RRSIG for SOA record and for DNSKEY records are present in plain
zone file but still named isn't responding with correct signatures.

- -- 
regards

zbigniew jasinski
[SYStem OPerator]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNOUAtAAoJEH26UYiRhe/goMcP/i5MLxBFh8+Fl2R2oqIKdRR1
ntBcfXBK1niJmlDpFzGu97gXNxoofk/bWVEhb+eo/e4+ln8bSuOiKVV5PQJ8zq1t
ke5jCIw7iRdBQgMcZNHQCWcI1lCWnPc0SxcCtw6u2ZItfFxqwANwFJw0oXwX/C8i
iVGflBdSUI9G/MGIaCsiwBdNBZnVhgrVz5F3KHXKC6aH49HI9kieXqz8v9pczcGR
xoy/RRrgObvb8N4jz2GA+fq8thFoKzZkoWLWG/5eE9uYd8oY3wLHIoAt0jBfGXOR
UXrFQ1QDqjUdotb3ovUGH2NH1NpWnITYm9gDWqEo3egaLpQU6itc2z57BNkuIkPS
qn3m2rgnEKy+p6flLYNxwyYnrXWVIpti73r+aPpkWQpWptEBcyCIl2su6yLZPv1y
R7ioFCualJLOWWqio9w5hQeRUvgrF6w7XBc97PMWgwLSrjHF0XADOWn9IqB4/XgA
agPSo7p8D6mmfpnv9c+q1JVIUEhEqihNs5/c1/dhRRn4SRIucvvzuVlXB/gqVQep
i+Ft2Tq3zgepBOxLGtZQ22o7VoBSWj8tHT6qRDG9qChsOXE054eN+r8xNbJ4rRzu
oASw1n11vm0JAqceMeadCc0Zz2y4WbIJO7jEsPTp9KUHPNwbDmNnMH7pWyHvxS4v
oZD7PbxPnyDpwRerG7zh
=Sp+3
-----END PGP SIGNATURE-----

More information about the bind-users mailing list