In message <[email protected]>, itse rvices88 writes: > Hi, > > I am having a dnssec problem while signing zone: > > # dnssec-signzone -N INCREMENT mydomain.org > Verifying the zone using the following algorithms: RSASHA1. > Missing RSASHA1 signature for . NSEC > The zone is not fully signed for the following algorithms: RSASHA1. > dnssec-signzone: fatal: DNSSEC completeness test failed. > > What could be wrong .... > > I have followed these steps: > > OS = centos 5.4 with bind-9.6.2-3.P1 > http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dn > ssec-nsec3-support/ > > dnssec-keygen -a RSASHA1 -b 1024 -n ZONE mydomain.org > dnssec-keygen -f KSK -a RSASHA1 -b 2048 -n ZONE mydomain.org > cat Kmydomain.org.+005+*.key >> mydomain.org > dnssec-signzone -N INCREMENT mydomain.org
I suspect we will need to see the zone and the K* files. Open a bug report with [email protected] and send the files to see if we can reproduce it. > Under options in named.conf named.conf will have no effect on this. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
