DNSSEC signing issues
fakessh
fakessh at fakessh.eu
Fri Apr 22 16:43:17 UTC 2011
Le vendredi 22 avril 2011 04:20, Security Admin (NetSec) a écrit :
> I am running BIND 9.4.2-P2 on OpenBSD v4.8
>
> I have created the ZSK and KSK and added the keys to my zonefile
> "mydomain.hosts" using the "cat" command to append to the end of the host
> file.
>
> When attempting to use the following command "dnssec-signzone -N INCREMENT
> mydomain.hosts" I get the following error:
>
> dnssec-signzone: error: dns_master_load: mydomain.hosts:15: mydomain.com:
> not at top of zone dnssec-signzone: failed loading zone from '
> mydomain.hosts': not at top of zone
>
> I own this domain and the DNS servers associated with them. Line 15
> referenced in the above error is an MX record within the host file. I am
> unsure how to debug this error. Any help would be appreciated.
we sign areas as explained in the page of the isc we take 1 of 2 record DNSKEY
we publish in the isc after you retrieve the record is dlv TXT resigns areas
and wait for the secondaries restet
--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110422/60259391/attachment.bin>
More information about the bind-users
mailing list