Re: How to validate DNSSEC signed record with dig?

2012-02-08 Thread William Thierry SAMEN
Thank you very much for your help, I'm going to try it right now.
2012/2/8 Spain, Dr. Jeffry A.
> William: In my tests of DNSSEC, I have used 'auto-dnssec maintain;'
> rather than explicitly signing the zone with dnssec-signzone. I believe I
> recall that you are using bind 9.8, so this should

RE: How to validate DNSSEC signed record with dig?

2012-02-08 Thread Spain, Dr. Jeffry A.
William: In my tests of DNSSEC, I have used 'auto-dnssec maintain;' rather than explicitly signing the zone with dnssec-signzone. I believe I recall that you are using bind 9.8, so this should work for you as well. Here's something you can try: In your bind configuration use the following zone

Re: How to validate DNSSEC signed record with dig?

2012-02-08 Thread Tony Finch
William Thierry SAMEN wrote:
>
> dnssec-signzone: error: dns_master_load: ../etc/toto.com:12: toto.com: not at
> top of zone
> dnssec-signzone: fatal: failed loading zone from '../etc/toto.com': not at
> top of zone
This is because your zone uses an include directive to import the key files, an

Re: How to validate DNSSEC signed record with dig?

2012-02-08 Thread William Thierry SAMEN
Absolutely Tony, that was a key file which has been generated by dnssec-keygen command. My zone file is so simple and it looks like that, I have checked it before with the named-checkzone and all is good in my file zone. I changed option -o by the option -o only and now I had this error: dnssec-

Re: How to validate DNSSEC signed record with dig?

2012-02-08 Thread Tony Finch
William Thierry SAMEN wrote:
>
> My file zone:
Er this looks like a key file, not a zone file. The key has been generated incorrectly: it has a file name where the zone name should be.
> ; This is a zone-signing key, keyid 12762, for *../etc/toto.com.*
> ; Created: 20120207101131 (Tue Feb 7 11:

Re: How to validate DNSSEC signed record with dig?

2012-02-08 Thread William Thierry SAMEN
Hi, thanks for the quick answer, but my problem is still not resolved, I checked all your solutions but nothing. I'll show you my file zone which I wanted to sign and the command I used.
My file zone:
; This is a zone-signing key, keyid 12762, for *../etc/toto.com.*
; Created: 20120207101131 (Tue

RE: How to validate DNSSEC signed record with dig?

2012-02-07 Thread Spain, Dr. Jeffry A.
> dnssec-signzone: fatal: key myKSK.key not at origin
What are the contents of myKSK.key? The format is "mydomain.com. IN DNSKEY ..." where mydomain.com is the domain origin.
Jeffry A. Spain
Network Administrator
Cincinnati Country Day School

Re: How to validate DNSSEC signed record with dig?

2012-02-07 Thread Tony Finch
William Thierry SAMEN wrote:
>
> I'm trying to sign a zone on Bind 9.8-P1 but I have this message:
>
> *dnssec-signzone: fatal: key myKSK.key not at origin*
It means the zone name in the key is not the same as the zone you are signing.
Tony.
--
f.anthony.n.finch http://dotat.at/ Rockall, Ma

Re: How to validate DNSSEC signed record with dig?

2012-02-07 Thread William Thierry SAMEN
Hi everybody, sorry for my post, I'm not read to bring a light to the 1st problem but to find help. I'm trying to sign a zone on Bind 9.8-P1 but I have this message:
*dnssec-signzone: fatal: key myKSK.key not at origin*
I just want help if someone has been confronted with this kind of message i'

RE: How to validate DNSSEC signed record with dig?

2012-02-06 Thread Tony Finch
Spain, Dr. Jeffry A. wrote:
>
> Checking your two name servers, 8.8.8.8 (google-public-dns-a.google.com)
> doesn't appear to offer DNSSEC validation, and 78.46.213.227
> (rms.coozila.com) doesn't respond to my query at all.
It's worse than that. Google Public DNS doesn't support DNSSEC at all, so

RE: How to validate DNSSEC signed record with dig?

2012-02-06 Thread Marc Lampo
, Dr. Jeffry A. [mailto:spa...@countryday.net]
Sent: 05 February 2012 09:35 PM
To: Nikolay Shaplov
Cc: bind-users@lists.isc.org
Subject: RE: How to validate DNSSEC signed record with dig?
> I am trying to validate DNSSEC signature on ns record using dig.
> Domain nox.su is properly signed

RE: How to validate DNSSEC signed record with dig?

2012-02-05 Thread Spain, Dr. Jeffry A.
> I am trying to validate DNSSEC signature on ns record using dig.
> Domain nox.su is properly signed using DNSSEC.
> I am trying to validate it as described here:
> http://bryars.eu/2010/08/validating-and-exploring-dnssec-with-dig/
> $ dig +nocomments +nostats +nocmd +noquestion -t dnskey . > trus

How to validate DNSSEC signed record with dig?

2012-02-05 Thread Nikolay Shaplov
Hi! I am trying to validate DNSSEC signature on ns record using dig. Domain nox.su is properly signed using DNSSEC.
Proof link: http://dnssec-debugger.verisignlabs.com/nox.su
I am trying to validate it as described here: http://bryars.eu/2010/08/validating-and-exploring-dnssec-with-dig/
$ dig