Hi, I imported DNSSEC keys originally generated with bind into our powerdns database so we can use the much nicer operational toggles on that.
The zone data is still hosted in bind, but then transferred un-signed into powerdns. The MySQL database is replicated to some DNS servers and a few others will fetch the (signed) data with AXFR.

The keys appear (to me) to be imported correctly, but the zone isn't getting any RRSIG signatures.

pdnssec show-zone output below. Not sure if there's anything else I can show to help you show me what I did wrong. I'm using 3.0.1.

Ask

$ pdnssec show-zone ntppool.com
Zone has hashed NSEC3 semantics, configuration: 1 1 1 ab
Zone is not presigned
keys:
ID = 16 (KSK), tag = 25339, algo = 8, bits = 2048 Active: 1
KSK DNSKEY = ntppool.com IN DNSKEY 257 3 8 AwEAAdGJ1ccaHQgK6+hlw0CLZ04NM7dIutpS7NGcf2RfCiY0MPXHjfFRfzYH+tzxGuoP0DL8tydW379lAuZiozgjtop3gd3RMffFRfrMFGnp4Xk4aBJ7HHx597/Z+SFru0bLtZjtLc3w9JmmdiYytZKOduwk/XiHD+aW8c67Jr83xAZJSqOXRCKwIDKVT6fAQ2pgrXtgFOXIyFVBIFjeApXj4TaOasJ6CM05wh4zSIz6kGPto8xgP6+FMasH+OGizu+mUT/l4mzXPZUhSqYsTp3rWQ585G2E67JWkncAKwgXA1NoSjqZcTU1xY+1ltIiUVi7rHK4B6WLSi74B+tYN6fgYsk=
DS = ntppool.com IN DS 25339 8 1 8022ccda660009983b2dec059222458f37ec6d2c
DS = ntppool.com IN DS 25339 8 2 7c518cf2f20e8f3b1497745b76aff3c6be803e15f3d22441f245ed554c7fff05
DS = ntppool.com IN DS 25339 8 3 01d0420b6b8a1b78f5a6883c6347f082160fa093b336c39cce6f7251b113bbe2
ID = 17 (ZSK), tag = 43868, algo = 7, bits = 1024 Active: 0
ID = 18 (ZSK), tag = 55464, algo = 8, bits = 1024 Active: 1
ID = 19 (ZSK), tag = 64518, algo = 8, bits = 1024 Active: 1

_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
