playing with 9.9.2b1 and ECDSA
Tony Finch
dot at dotat.at
Wed Aug 15 19:23:20 UTC 2012
Is automatic signing with ECDSA supposed to work yet? I ran:
$ dnssec-keygen -a ECDSAP256SHA256 -f KSK fanf2.ucam.org
Generating key pair.
Kfanf2.ucam.org.+013+03356
$ dnssec-keygen -a ECDSAP256SHA256 fanf2.ucam.org
Generating key pair.
Kfanf2.ucam.org.+013+63927
$ chmod g+r K*
$ rndc loadkeys fanf2.ucam.org
And BIND said:
15-Aug-2012 19:56:31.942 general: info: received control channel command 'loadkeys fanf2.ucam.org'
15-Aug-2012 19:56:31.954 general: info: zone fanf2.ucam.org/IN: reconfiguring zone keys
15-Aug-2012 19:56:31.969 general: error: zone fanf2.ucam.org/IN: update_sigs:add_sigs -> sign failure
(blank line)
15-Aug-2012 19:56:31.970 general: error: zone fanf2.ucam.org/IN: sign_apex:update_sigs -> sign failure
(blank line)
dnssec-signzone appears to work.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Thames, Dover, Wight: South or southwest 4 or 5, increasing 6 at times,
backing southeast later, 3 or 4. Slight or moderate, occasionally rough in
Wight. Showers. Moderate or good.
More information about the bind-users
mailing list