Hi: This happened today on my testing box.
Zone Serial Time Signed Status Diff nz 2011030300 9:30:44 Validates nz 2011030301 9:46:03 Bogus sig added ZSK nz 2011030302 11:52:09 Validates refresh sig nz 2011030304 13:28:18 Bogus sig deleted ZSK Note1: Verified with ldns-verify-zone. In case of the bogus signatures, the error is Error: Bogus DNSSEC signature for nz. SOA Error: Bogus DNSSEC signature for nz. DNSKEY Note2: There is no 2011030303 serial. Column 'Diff' indicates what changed between zones. May be it's just a coincidence, but the zone with bogus sig appears after an operation around ZSK keys. There are no indication in the logs about an error, using verbosity level 4. I haven't checked if other zones repeat the same pattern, this one stands up because validation breaks for all the zones I'm playing with. Any suggestions to diagnose? Regards, -- Sebastian Castro DNS Specialist .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535 _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
