Hi all, I might be doing something wrong myself, so please don't be afraid to let me know it :-)
Situation: OpenDNSSEC 1.2.1 operating fine, only small glitches here and there but nothing serious. Zones being signed, keys being rollover'd. I upgraded to OpenDNSSEC 1.3.0rc3 while keeping all XML config files I had from 1.2.1 (I know, my lazy side took the best of me), except that I disabled the Auditor. Now everything seems to work fine (that is daemons are up, no errors reported on logs, etc), but the signed zones only have RRSIGs for the DNSKEY records. Really strange. Neither SOA nor NS-sets (the zones I'm signing are LACNIC's region reverse zones, for example 179.in-addr.arpa) have RRSIGs. You can check it out: dig +dnssec 179.in-addr.arpa soa -> no RRSIG dig +dnssec 179.in-addr.arpa dnskey -> good-looking RRSIG ;) I checked the signed zone files directly (i thought this could be an artifact of EDNS no getting through or something like that) but the "missing" RRSIGs are not in the file either. warm regards Carlos -- Carlos M. Martinez LACNIC I+D PGP KeyID 0xD51507A2 Phone: +598-2604-2222 ext. 4419
<<attachment: carlos.vcf>>
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
