Changes BIND 9.15+ source distribution (gz -> xz, and SHA1 deprecation)
Alan Batie
alan at peak.org
Thu Mar 5 21:38:34 UTC 2020
On 3/5/20 5:26 AM, Tony Finch wrote:
> I think those errors from dnssec-verify look to me like you have an
> RSASHA256 KSK and an RSASHA1 ZSK. Your key files should all have names
> like K*+008+* not K*+005+*. In older versions of BIND it's easy to
> accidentally get a bad key by forgetting the -a option to dnssec-keygen.
That sounds like a likely scenario actually
> (BTW I prefer to talk about "keys" when I have the files with both the
> public and private parts, and only talk about DNSKEYs when I'm referring
> to the public parts published in zone files.)
Seems reasonable, thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4036 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200305/ff596464/attachment.bin>
More information about the bind-users
mailing list