9.9.0rc1: example from arm 4.8.3 does not validate

Axel Rau Axel.Rau at Chaos1.DE
Wed Jan 18 22:40:58 UTC 2012


Hi all,

I tried the example from page 23 with a local zone, a trusted key and inline-signing, like:
---
trusted-keys {
	"example.com." 257 3 5 "AwEAAd5l859ggW8ZpVAQxEmugl+N/klWH+kFpcoQYGd3ngB6381lva2E IUXa2iOxJPmvYut96zUqhprlUfuEBvhU21Dd8dv7rr3Q5a+UT5XA9fUe 8ebpRn+R2YT/WPJPnwww1pEaA0DIUjntlqp6qBaaCpsN3FxeiY2zA02R usDYpxqJZk/VLZ7EcOHvHRc2Ifz/tKl/vanSyHQ6R2ClLr+ksRtV8N8f k9dqBP/xPXELAfzISwsmlXQ4fz8UzpjeDpDk2oX07v1qQCkfy17FDGJP vR5MLl1v+4S/sinXpmHDxVfbhZ1W4K9MeOh+1juZtGTY6c3WyWOKzrzT pMhikbuYoeM=";
};
---
and
---
zone "example.com" IN {
	type master;
	file "master/signed/example.com/example.com.zone";
	update-policy local;
	key-directory "master/signed/example.com/";
	auto-dnssec maintain;
	inline-signing yes;
	allow-query {
		any;
	};
};
---
But I'm getting no ad-flag:
---
root# dig DNSKEY +dnssec example.com.

; <<>> DiG 9.9.0rc1 <<>> DNSKEY +dnssec example.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22049
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;example.com.			IN	DNSKEY

;; ANSWER SECTION:
example.com.		86400	IN	DNSKEY	256 3 5 AwEAAbOJTICgDlvkj+ck/K6nYBhRaLxzlgD0fiFrIzC/d9X3abRTIIXH MCrmxJLrdXjlb7s/zUl+9AaRpwF3+QjXXQh+uD5QCVB9iRJ+EWPxE1M6 5B6UL2XLrtYCUtxb2t+RHT0A5hHEBBqsExcxViydx4oIJ6Rd5dvLin7K 7l6ZU/Bf
example.com.		86400	IN	DNSKEY	257 3 5 AwEAAd5l859ggW8ZpVAQxEmugl+N/klWH+kFpcoQYGd3ngB6381lva2E IUXa2iOxJPmvYut96zUqhprlUfuEBvhU21Dd8dv7rr3Q5a+UT5XA9fUe 8ebpRn+R2YT/WPJPnwww1pEaA0DIUjntlqp6qBaaCpsN3FxeiY2zA02R usDYpxqJZk/VLZ7EcOHvHRc2Ifz/tKl/vanSyHQ6R2ClLr+ksRtV8N8f k9dqBP/xPXELAfzISwsmlXQ4fz8UzpjeDpDk2oX07v1qQCkfy17FDGJP vR5MLl1v+4S/sinXpmHDxVfbhZ1W4K9MeOh+1juZtGTY6c3WyWOKzrzT pMhikbuYoeM=
example.com.		86400	IN	RRSIG	DNSKEY 5 2 86400 20120216202248 20120117192248 9765 example.com. FQSI+1SKjNuGtbNobrXIXAfKZGDrq6MWjq3O1FdMocSoLlhybTV9S98y ELPXTGg65Wfh6A0O2ebrbIGp5cJd3ncXbdGc9nkAgOh6LRqfuvzfqDnq fmUPRn7Ze8XyTHq4fhpBhe6cuNrLWn/Zw4C/8OUMDiQr75IIbsWUZnpJ qGo=
example.com.		86400	IN	RRSIG	DNSKEY 5 2 86400 20120216202248 20120117192248 56641 example.com. DM48WcSycwGSmtmD70xCxM6fNGVxZFLtXJK9ZEH/BU0wwAwTz8eeUtHa B0Vvh4ioEOgw24bdKl3oyqk/HkG530BWwTVoRp3HzmZkdgUoFY8JEb/A CqW9NFb+H1OGTgGtnCgrI3Fc2U9f7MaQpqkt3AzYBGYtFYtDEVDzLYcf UL3Eyv3MB4F3e5NqVrSymZhpcDkqfFh7uWUTGfU06ImJ7SZVdz0JHEQ2 pcyKbS5jRrpH7yoATyyC/PzEnXIBWXSNwiveNWI2eDvC6stZa0BY5H4Z YJro2oRUozV67EtRlDryLqc4mgX0aOSr0mQHaUG2GzTc77fbiMoKRoH6 +tq1vw==
---
What am I doing wrong?

Axel
---
PGP-Key:29E99DD6  ☀ +49 151 2300 9283  ☀ computing @ chaos claudius



