Hi,
I've just updated my testlab to use the 2.1.11 version of OpenDNSSec.
So that I can try out the Salt Length="0" configuration. Initially,
the configuration seems to work as expected, the signed zone gets an
NSEC3PARAM record with value '1 0 0 -'.
However, after I restart the signer, I get the following errors
repeated for each of my zones:
ods-signerd[179661]: [zone] corrupted backup file zone sj: read
nsec3parameters error
ods-signerd[179661]: [engine] unable to recover zone sj from backup,
performing full sign
The nsec3param record in the tmp/sj.backup2 file looks fine to me
('sj. 0 IN NSEC3PARAM 1 0 0 -'). So I wonder if this might be a
problem with the code reading the .backup2 file, as it seem to be
confused by the no salt '-' syntax?
Erik Østlyngen
Norid AS
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
