Hi Matthijs,

I'm using OpenDNSSEC 1.3.10 for test purposes, and using <NotifyCommand> with a script to do the follow-up work. And I'm not using Audit, which is not recommended.

But I have found out that sometimes the RRs of the signed and raw zone files do not match. The attachment called ods_call_by_opendnssec.sh is the script called by <NotifyCommand>; you can see clearly what we do after the signing work ends. When the validation fails, there seems to be nothing we can do to make up for it. I have tried to call 'ods-signer sign %zone', but something even weirder occurs: it seems the processes are there, but no output is generated, so I need your opinion.

The attachment called validateZoneData.sh is the script used to compare the signed file with the raw one in case it lacks RRs. Our raw zone file is lowercase and the signed zone file is uppercase. The last file is a log generated by ods_call_by_opendnssec.sh; you can see that the validation of TLD test4 failed because the NS RRs do not match the unsigned file.

I have found the same problem in OpenDNSSEC 1.4.a2 and I would like to help if needed.

Thanks.

Best regards,
Stuart
ods_call_by_opendnssec.sh
Description: Binary data
zonefile.log
Description: Binary data
validateZoneData.sh
Description: Binary data
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
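
The comparison the message describes (signed zone checked against the raw one, ignoring case), written out as an added example; it is not the poster's validateZoneData.sh, whose contents are not shown on this page. The function names, the one-RR-per-line layout and the sample zones are assumptions constructed for illustration.

```shell
# Assumes one RR per line as "owner TTL class type rdata", fully qualified
# names, no ';' inside rdata. Case is folded, so lowercase input matches uppercase output.

# normalize FILE: print "owner type rdata", lowercased and sorted, skipping
# comments, directives, SOA (serial is rewritten) and signer-added types.
normalize() {
    awk '
        /^[ \t]*$/    { next }
        /^[ \t]*[;$]/ { next }
        {
            sub(/[ \t]*;.*$/, "")
            type = toupper($4)
            if (type ~ /^(SOA|RRSIG|NSEC|NSEC3|NSEC3PARAM|DNSKEY)$/) next
            rdata = ""
            for (i = 5; i <= NF; i++) rdata = rdata " " $i
            print tolower($1 " " type rdata)
        }' "$1" | LC_ALL=C sort -u
}

# missing_rrs UNSIGNED SIGNED: print RRs that are in UNSIGNED but not in
# SIGNED; return 1 if there are any, 0 if the signed zone is complete.
missing_rrs() {
    u=$(mktemp); s=$(mktemp)
    normalize "$1" > "$u"; normalize "$2" > "$s"
    out=$(LC_ALL=C comm -23 "$u" "$s")
    rm -f "$u" "$s"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample data (not taken from the poster's zonefile.log).
demo=$(mktemp -d)
cat > "$demo/unsigned" <<'EOF'
$TTL 3600
test4.      3600 IN SOA ns1.test4. admin.test4. 1 3600 600 86400 300
test4.      3600 IN NS  ns1.test4.
test4.      3600 IN NS  ns2.test4.
ns1.test4.  3600 IN A   192.0.2.1
EOF
cat > "$demo/signed" <<'EOF'
TEST4.      3600 IN SOA NS1.TEST4. ADMIN.TEST4. 2 3600 600 86400 300
TEST4.      3600 IN NS  NS1.TEST4.
TEST4.      3600 IN RRSIG NS 8 1 3600 20300101000000 20290101000000 12345 TEST4. c2FtcGxl
NS1.TEST4.  3600 IN A   192.0.2.1
EOF

missing_rrs "$demo/unsigned" "$demo/signed" || echo "validation failed: RRs above are missing" >&2
```

Because `missing_rrs` returns non-zero when records are absent, a script run from <NotifyCommand> can use that status to hold back publication of an incomplete signed zone.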
