Handling of RSASHA256 and RSASHA512 in 9.6.1-P1 ?
Sue True
bloomingtonian at gmail.com
Thu Aug 19 18:15:34 UTC 2010
Does 9.6.1-P1 as authoritative nameserver support RSASHA256 and RSASHA512 ?
We are running 9.7.1-P2 and would like to use RSASHA256 or RSASHA512 to
create the keys, but our secondary is still on 9.6.1-P1, can they handle
our singed zone with RSASHA256 or RSASHA512, or they have to upgrade ?
I tried 9.6.1-P3 and got these errors:
# rndc status
version: 9.6.1-P3 (unknown)
#dnssec-keygen -a RSASHA256 -b 1024 test.iu.edu
dnssec-keygen: unknown algorithm RSASHA256
#dnssec-keygen -a RSASHA512 -b 1024 test.iu.edu
dnssec-keygen: unknown algorithm RSASHA512
Also the this is item 2726. of 9.7.0b2 release:
2726. [func] Added support for SHA-2 DNSSEC algorithms,
RSASHA256 and RSASHA512. [RT #20023]
Thanks,
Sue
More information about the bind-users
mailing list