Ok. I will open a bug. Thanks -dani
On Thu, May 20, 2010 at 8:10 PM, Mark Andrews <[email protected]> wrote: > > In message <[email protected]>, > itse > rvices88 writes: > > Hi, > > > > I am having a dnssec problem while signing zone: > > > > # dnssec-signzone -N INCREMENT mydomain.org > > Verifying the zone using the following algorithms: RSASHA1. > > Missing RSASHA1 signature for . NSEC > > The zone is not fully signed for the following algorithms: RSASHA1. > > dnssec-signzone: fatal: DNSSEC completeness test failed. > > > > What could be wrong .... > > > > I have followed these steps: > > > > OS = centos 5.4 with bind-9.6.2-3.P1 > > > http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dn > > ssec-nsec3-support/ > > > > dnssec-keygen -a RSASHA1 -b 1024 -n ZONE mydomain.org > > dnssec-keygen -f KSK -a RSASHA1 -b 2048 -n ZONE mydomain.org > > cat Kmydomain.org.+005+*.key >> mydomain.org > > dnssec-signzone -N INCREMENT mydomain.org > > I suspect we will need to see the zone and the K* files. Open a > bug report with [email protected] and send the files to see if we > can reproduce it. > > > Under options in named.conf > > named.conf will have no effect on this. > > Mark > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: [email protected] >
_______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
