9.9.0rc1: example from arm 4.8.3 does not validate

Axel Rau Wed, 18 Jan 2012 14:42:20 -0800

Hi all,

I tried the example from page 23 with a local zone, a trusted key and 
inline-signing, like:
---
trusted-keys {
        "example.com." 257 3 5 
"AwEAAd5l859ggW8ZpVAQxEmugl+N/klWH+kFpcoQYGd3ngB6381lva2E 
IUXa2iOxJPmvYut96zUqhprlUfuEBvhU21Dd8dv7rr3Q5a+UT5XA9fUe 
8ebpRn+R2YT/WPJPnwww1pEaA0DIUjntlqp6qBaaCpsN3FxeiY2zA02R 
usDYpxqJZk/VLZ7EcOHvHRc2Ifz/tKl/vanSyHQ6R2ClLr+ksRtV8N8f 
k9dqBP/xPXELAfzISwsmlXQ4fz8UzpjeDpDk2oX07v1qQCkfy17FDGJP 
vR5MLl1v+4S/sinXpmHDxVfbhZ1W4K9MeOh+1juZtGTY6c3WyWOKzrzT pMhikbuYoeM=";
};
---
and
---
zone "example.com" IN {
        type master;
        file "master/signed/example.com/example.com.zone";
        update-policy local;
        key-directory "master/signed/example.com/";
        auto-dnssec maintain;
        inline-signing yes;
        allow-query {
                any;
        };
};
---
But I'm getting no ad-flag:
---
root# dig DNSKEY +dnssec example.com.


; <<>> DiG 9.9.0rc1 <<>> DNSKEY +dnssec example.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22049
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;example.com.                   IN      DNSKEY

;; ANSWER SECTION:
example.com.            86400   IN      DNSKEY  256 3 5 
AwEAAbOJTICgDlvkj+ck/K6nYBhRaLxzlgD0fiFrIzC/d9X3abRTIIXH 
MCrmxJLrdXjlb7s/zUl+9AaRpwF3+QjXXQh+uD5QCVB9iRJ+EWPxE1M6 
5B6UL2XLrtYCUtxb2t+RHT0A5hHEBBqsExcxViydx4oIJ6Rd5dvLin7K 7l6ZU/Bf
example.com.            86400   IN      DNSKEY  257 3 5 
AwEAAd5l859ggW8ZpVAQxEmugl+N/klWH+kFpcoQYGd3ngB6381lva2E 
IUXa2iOxJPmvYut96zUqhprlUfuEBvhU21Dd8dv7rr3Q5a+UT5XA9fUe 
8ebpRn+R2YT/WPJPnwww1pEaA0DIUjntlqp6qBaaCpsN3FxeiY2zA02R 
usDYpxqJZk/VLZ7EcOHvHRc2Ifz/tKl/vanSyHQ6R2ClLr+ksRtV8N8f 
k9dqBP/xPXELAfzISwsmlXQ4fz8UzpjeDpDk2oX07v1qQCkfy17FDGJP 
vR5MLl1v+4S/sinXpmHDxVfbhZ1W4K9MeOh+1juZtGTY6c3WyWOKzrzT pMhikbuYoeM=
example.com.            86400   IN      RRSIG   DNSKEY 5 2 86400 20120216202248 
20120117192248 9765 example.com. 
FQSI+1SKjNuGtbNobrXIXAfKZGDrq6MWjq3O1FdMocSoLlhybTV9S98y 
ELPXTGg65Wfh6A0O2ebrbIGp5cJd3ncXbdGc9nkAgOh6LRqfuvzfqDnq 
fmUPRn7Ze8XyTHq4fhpBhe6cuNrLWn/Zw4C/8OUMDiQr75IIbsWUZnpJ qGo=
example.com.            86400   IN      RRSIG   DNSKEY 5 2 86400 20120216202248 
20120117192248 56641 example.com. 
DM48WcSycwGSmtmD70xCxM6fNGVxZFLtXJK9ZEH/BU0wwAwTz8eeUtHa 
B0Vvh4ioEOgw24bdKl3oyqk/HkG530BWwTVoRp3HzmZkdgUoFY8JEb/A 
CqW9NFb+H1OGTgGtnCgrI3Fc2U9f7MaQpqkt3AzYBGYtFYtDEVDzLYcf 
UL3Eyv3MB4F3e5NqVrSymZhpcDkqfFh7uWUTGfU06ImJ7SZVdz0JHEQ2 
pcyKbS5jRrpH7yoATyyC/PzEnXIBWXSNwiveNWI2eDvC6stZa0BY5H4Z 
YJro2oRUozV67EtRlDryLqc4mgX0aOSr0mQHaUG2GzTc77fbiMoKRoH6 +tq1vw==
---
What am I doing wrong?

Axel
---
PGP-Key:29E99DD6  ☀ +49 151 2300 9283  ☀ computing @ chaos claudius

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

9.9.0rc1: example from arm 4.8.3 does not validate

Reply via email to