Problem with 9.6.2-p1
Daniel Ryslink
daniel.ryslink at firma.volny.cz
Tue Apr 6 11:24:30 UTC 2010
By the way, similar problem occurs in 9.6.2-p1. According to changelog,
support for RSA/SHA-256 (algorithm number 8 in dnssec-related
records) was backported into 9.6.2 from 9.7 (and indeed, 9.6.2 has no
problems with the TLDs recently signed with keys using RSA/SHA-256)
However, after upgrading to 9.6.2-p1, these very records are rejected by
the nameserver:
29-Mar-2010 09:33:59.371 config: error: itar.key:3: configuring trusted
key for 'ARPA.': algorithm is unsupported
Evidently, the RSA/SHA-256 support was removed from p1, but why? (...
accident?).
Daniel Ryslink
On Tue, 30 Mar 2010, Kevin Darcy wrote:
> On 3/30/2010 3:53 PM, Markus Feldmann wrote:
>> Hi All,
>>
>> i tried to reload my config and zones with rndc. My Bind version is BIND
>> 9.5.1-P3. My rndc.key looks like this.
>> key feld-server.feldland.lan. {
>> algorithm HMAC-MD5.SIG-ALG.REG.INT;
>> secret TNCrihQV8NjY6bzA5GMJIg==;
>> };
>>
>> This is what i also got from creating the sig-key. I still included this
>> key into my named.conf and into dhcpd.conf.
>>
>> But i get this message.
>> rndc: unsupported algorithm: HMAC-MD5.SIG-ALG.REG.INT
>>
>> What is the Problem?
>>
>
> AFAIK, the only algorithm supported by rndc is "hmac-md5".
>
> -
> Kevin
>
> P.S. Why would you copy an rndc key into dhcpd.conf?
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list