Hello, I am currently having issues on a small virtualized infrastructure. I have 3 systems all running ubuntu 10.10
DNS Server - 192.168.204.200 Webserver - 192.168.204.100 Client - 192.168.204.50 I followed the instructions at these tutorials to get DNS working. ( http://www.youtube.com/watch?NR=1&feature=endscreen&v=OUv03JV5SLc) I was able to do a lookup and visit www.example.com as expected from my client machine, and pull the web site from my web server. I did not attempt any other DNSSEC steps at this point, I simply tried installing dependencies and setting up OpenDNSSEC, and am currently having issues with several errors. Feb 29 14:39:08 ubuntu ods-auditor[30131]: example.com : SOA differs : from 2011022003 to 2011022004 Feb 29 14:39:08 ubuntu ods-auditor[30131]: example.com : Auditing example.com zone : NSEC SIGNED Feb 29 14:39:08 ubuntu ods-auditor[30131]: example.com : DNSKEY RR present in unsigned file : example.com. 259200 IN DNSKEY 256 3 RSASHA1 ( AwEAAbd5A7tgIfFB+otnAym1dsRwumVptUMj65jqppAxdk17crCSzZEvGW2g1MBFHMEFTsUT5dWb+G9ype5BllsIRtlfdLiGO6LD251G63v65QbET+akIMneBfKnupCM/T7BLMky9WBScA5YHK0SzrUuUvqBNbxbdsvqo/Q4oHlW8a+9 ) ; key_tag=58425 Feb 29 14:39:08 ubuntu ods-auditor[30131]: example.com : Finished auditing example.com zone Feb 29 14:39:08 ubuntu ods-signerd: [worker[2]] backoff task [read] for zone example.com with 3600 seconds Feb 29 15:31:21 ubuntu ods-signerd: [data] unable to use unixtime 1330558281 as serial: not greater than inbound serial 2011022003 as well as Feb 29 15:31:21 ubuntu ods-signerd: [data] unable to use unixtime 1330558281 as serial: not greater than inbound serial 2011022003 Feb 29 15:31:21 ubuntu ods-auditor[30595]: Auditor started Feb 29 15:31:22 ubuntu ods-auditor[30595]: Auditor starting on example.com Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : SOA differs : from 2011022003 to 2011022004 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : Auditing example.com zone : NSEC SIGNED Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : RRSIGS should include algorithm RSASHA1 for example.com, DNSKEY, have : RSASHA256 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : RRSIGS should include algorithm RSASHA1 for example.com, NS, have : RSASHA256 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : RRSIGS should include algorithm RSASHA1 for example.com, SOA, have : RSASHA256 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : RRSIGS should include algorithm RSASHA1 for example.com, NSEC, have : RSASHA256 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : DNSKEY RR present in unsigned file : example.com. 259200 IN DNSKEY 256 3 RSASHA1 ( AwEAAbd5A7tgIfFB+otnAym1dsRwumVptUMj65jqppAxdk17crCSzZEvGW2g1MBFHMEFTsUT5dWb+G9ype5BllsIRtlfdLiGO6LD251G63v65QbET+akIMneBfKnupCM/T7BLMky9WBScA5YHK0SzrUuUvqBNbxbdsvqo/Q4oHlW8a+9 ) ; key_tag=58425 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : RRSIGS should include algorithm RSASHA1 for pegasus.example.com, A, have : RSASHA256 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : RRSIGS should include algorithm RSASHA1 for pegasus.example.com, NSEC, have : RSASHA256 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : RRSIGS should include algorithm RSASHA1 for www.example.com, CNAME, have : RSASHA256 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : RRSIGS should include algorithm RSASHA1 for www.example.com, NSEC, have : RSASHA256 Feb 29 15:31:24 ubuntu ods-auditor[30595]: example.com : Finished auditing example.com zone Feb 29 15:31:24 ubuntu ods-signerd: [tools] audit failed for zone example.com Feb 29 15:31:24 ubuntu ods-signerd: [worker[1]] backoff task [read] for zone example.com with 3600 seconds Please let me know if you have suggestions. Thanks
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
