How to validate DNSSEC signed record with dig?

William Thierry SAMEN thierry.samen at gmail.com
Wed Feb 8 12:52:58 UTC 2012


Absolutely, Tony, that was a key file which was generated by the
dnssec-keygen command.

My zone file is very simple and it looks like that. I have checked it before
with named-checkzone and all is good in my zone file.

I changed the option -o <absolute path of my domain> to the option -o <my
domain> only, and now I have this error:

dnssec-signzone: error: dns_master_load: ../etc/toto.com:12: toto.com: not at top of zone
dnssec-signzone: fatal: failed loading zone from '../etc/toto.com': not at top of zone

At line 12 of my zone file I haven't seen any mistake.

Here is my zone file:

$ORIGIN .
$TTL 17200      ; 4 hours 46 minutes 40 seconds
toto.com.     IN SOA  ns10.boom.fr. postmaster.boom.com. (
                                2012020802 ; serial
                                216000     ; refresh (2 days 12 hours)
                                3600       ; retry (1 hour)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                172800     ; minimum (2 days)
                                )
                        NS      ns.boom.fr.
                        NS      ns2.boom.fr.
                        A       217.128.32.85
$ORIGIN toto.com.
*                       A       217.128.32.85

;DNSsec keys starts here

$include /exec/applis/thierry/DNS/sbin/K%2Fexec%2Fapplis%2Fthierry%2Fdns%2Fetc%2Ftoto.com.+005+12762.key
$include /exec/applis/thierry/DNS/sbin/K%2Fexec%2Fapplis%2Fthierry%2Fdns%2Fetc%2Ftoto.com.+005+60826.key

Thanks


2012/2/8 Tony Finch <dot at dotat.at>

> William Thierry SAMEN <thierry.samen at gmail.com> wrote:
> >
> > My file zone:
>
> Er this looks like a key file, not a zone file. The key has been generated
> incorrectly: it has a file name where the zone name should be.
>
> > ; This is a zone-signing key, keyid 12762, for *../etc/toto.com.*
> > ; Created: 20120207101131 (Tue Feb  7 11:11:31 2012)
> > ; Publish: 20120207101131 (Tue Feb  7 11:11:31 2012)
> > ; Activate: 20120207101131 (Tue Feb  7 11:11:31 2012)
> > *../etc/toto.com*. IN DNSKEY 256 3 5 AwEAAbpc1rBsrB3XrOlUAE1Xxfyef9POsH8jypLVImuBPEGgE
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Viking, North Utsire: Southerly 5 to 7, occasionally gale 8 in Viking.
> Rough,
> becoming very rough in Viking. Rain later. Good, becoming moderate later.
>



-- 
Cordialement.
Thierry *SAMEN.*
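
The mismatch Tony points out, a key whose owner name is a file path rather than the zone name, can be checked before the key files are included and dnssec-signzone is run. The script below is an added example, not part of the original thread or of BIND; its function names and the sample key files (placeholder key data) are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to sign when a DNSKEY file is not owned by the zone apex.

# Lowercase a domain name and give it exactly one trailing dot.
normalize_name() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.*$/./'
}

# Print the owner name of the first DNSKEY record in a key file.
# Comment lines (starting with ';') and blank lines are skipped.
key_owner() {
    awk '$1 !~ /^;/ {
        for (i = 2; i <= NF; i++) if ($i == "DNSKEY") { print $1; exit }
    }' "$1"
}

# check_key_owner ZONE KEYFILE
# Returns 0 if the key is owned by the apex, 1 on mismatch, 2 if no key found.
check_key_owner() {
    zone=$(normalize_name "$1")
    owner=$(key_owner "$2")
    [ -n "$owner" ] || { echo "$2: no DNSKEY record found" >&2; return 2; }
    owner=$(normalize_name "$owner")
    [ "$owner" = "$zone" ] && return 0
    echo "$2: key owner '$owner' is not the zone apex '$zone'" >&2
    return 1
}

# Constructed sample key files modelled on the thread: one named after the
# zone, one named after a file path (as in the $include file names above).
demo() {
    dir=$(mktemp -d) || return 2
    echo 'toto.com. IN DNSKEY 256 3 5 PLACEHOLDERKEYDATA' > "$dir/good.key"
    printf '%s\n' '; This is a zone-signing key (constructed sample)' \
        '/exec/applis/thierry/dns/etc/toto.com. IN DNSKEY 256 3 5 PLACEHOLDERKEYDATA' \
        > "$dir/bad.key"
    check_key_owner toto.com "$dir/good.key" && good=0 || good=$?
    check_key_owner toto.com "$dir/bad.key" 2>/dev/null && bad=0 || bad=$?
    rm -rf "$dir"
    echo "good=$good bad=$bad"
}

demo
```
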