How to validate DNSSEC signed record with dig?
William Thierry SAMEN
thierry.samen at gmail.com
Wed Feb 8 09:46:13 UTC 2012
Hi, thanks for the quick answer,
but my problem is still not resolved, i check all your solutions but
nothing.
I'll show you my file zone which i wanted to sign and the command i used.
My file zone:
; This is a zone-signing key, keyid 12762, for *../etc/toto.com.*
; Created: 20120207101131 (Tue Feb 7 11:11:31 2012)
; Publish: 20120207101131 (Tue Feb 7 11:11:31 2012)
; Activate: 20120207101131 (Tue Feb 7 11:11:31 2012)
*../etc/toto.com*. IN DNSKEY 256 3 5
AwEAAbpc1rBsrB3XrOlUAE1Xxfyef9POsH8jypLVImuBPEGgE
Command line that i used for sign this zone
./dnssec-signzone -p -t -g -k KSK.key -o toto.com ../etc/toto.com ZSK.key
Have you seen some mistake?
Thanks for your help.
2012/2/7 Spain, Dr. Jeffry A. <spainj at countryday.net>
> > dnssec-signzone: fatal: key myKSK.key not at origin
>
> What are the contents of myKSK.key?
> The format is "mydomain.com. IN DNSKEY ..." where mydomain.com is the
> domain origin.
>
> Jeffry A. Spain
> Network Administrator
> Cincinnati Country Day School
>
>
--
Cordialement.
Thierry *SAMEN.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120208/b3cf9505/attachment.html>
More information about the bind-users
mailing list