Followup: I deleted and re-added the zones with this problem (179.in-addr.arpa and 3.1.1.0.0.2.ip6.arpa) as I had to perform other changes as well (a different policy from "default" and a new way of fetching the zones from the servers that generate them) and the problem is now gone.
Thank you to all who responded, I will keep you posted if this happens again. regards, Carlos On 6/16/11 11:45 AM, Carlos M. Martinez wrote: > Hi all, > > I might be doing something wrong myself, so please don't be afraid to > let me know it :-) > > Situation: OpenDNSSEC 1.2.1 operating fine, only small glitches here and > there but nothing serious. Zones being signed, keys being rollover'd. > > I upgraded to OpenDNSSEC 1.3.0rc3 while keeping all XML config files I > had from 1.2.1 (I know, my lazy side took the best of me), except that I > disabled the Auditor. > > Now everything seems to work fine (that is daemons are up, no errors > reported on logs, etc), but the signed zones only have RRSIGs for the > DNSKEY records. Really strange. Neither SOA nor NS-sets (the zones I'm > signing are LACNIC's region reverse zones, for example 179.in-addr.arpa) > have RRSIGs. > > You can check it out: > > dig +dnssec 179.in-addr.arpa soa -> no RRSIG > dig +dnssec 179.in-addr.arpa dnskey -> good-looking RRSIG ;) > > I checked the signed zone files directly (i thought this could be an > artifact of EDNS no getting through or something like that) but the > "missing" RRSIGs are not in the file either. > > warm regards > > Carlos > > > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user -- Carlos M. Martinez LACNIC I+D PGP KeyID 0xD51507A2 Phone: +598-2604-2222 ext. 4419
<<attachment: carlos.vcf>>
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
