Hi James, I can't reproduce the issue, but I have verified that powerdns does the right thing for me. This has been added to the regression tests.
I have also verified that your nameserver indeed produces signatures that 'drill' won't validate - probably because they are wrong. Would it be possible for you to send me your database (securely)? This would allow me to reproduce the issue (or not, and then we can figure out what else could be causing it). I've attached my PGP key. Kind regards, Bert On Wed, Apr 27, 2011 at 03:22:33PM +0200, bert hubert wrote: > On Sat, Apr 23, 2011 at 02:24:30PM -0400, James Cloos wrote: > > KSK DNSKEY = jhcloos.us IN DNSKEY 257 3 8 > > AwEAAdDnaycbNggeRGm1GhMhIiP33JGfvp38qlt1KZlnTMeW/4CaVMTCpIG8F2di+G2/HS/n3OBOWh2JWpCMFwkW3KSfOV4b0ZViRqPGdiha/JTXWKY45/CNZISX+oDm22pVY2Gi6K7bvQl0vOk6NHljV5ZochKBg4i27egAHxksqZe2PHr1I2pXqFFua+dCPgStpyQmtg95utYlJKyQDY5GQ1j7P8R8kSYFMl85ej4/kwW0/PNieeZL/H5o2KfI0euoGXgMDn0fiBSlEPM6H8JTuc4JWIoGOmd7hhPupMlcQLIBGFy7R1pQbuRPk4WpKTwkOEIIpHVqAtvuRkk/SK25n0U= > > DS = jhcloos.us IN DS 23900 8 1 a00d0b5c2d72b86fc636289ce0ac9f1ef4e3830d > > Based on this DNSKEY, the 'drill' tool from NLNetLabs calculates the > following DS: > ; jhcloos.us. IN DS 23900 8 1 > a00d0b5c2d72b86fc636289ce0ac9f1ef4e3830d > > So at least algorithm 1 appears to be correctly calculated. > > > :; dig +dnssec +sigchase +trusted-key=./trusted-keys -t MX jhcloos.us > > @localhost > > ;; RRset to chase: > > jhcloos.us. 86400 IN MX 10 pao.uu.jhcloos.net. > > I'll try to check everything else to see what might be going on. > > Bert
binXXI5V0Qvy3.bin
Description: PGP Key 0xD2E71575.
_______________________________________________ Pdns-dev mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-dev
