Hi, thanks for the quick answer,
but my problem is still not resolved, i check all your solutions but
nothing.
I'll show you my file zone which i wanted to sign and the command i used.
My file zone:
; This is a zone-signing key, keyid 12762, for *../etc/toto.com.*
; Created: 20120207101131 (Tue
William Thierry SAMEN thierry.sa...@gmail.com wrote:
My file zone:
Er this looks like a key file, not a zone file. The key has been generated
incorrectly: it has a file name where the zone name should be.
; This is a zone-signing key, keyid 12762, for *../etc/toto.com.*
; Created:
Absolutely Tony that was a key file which has been generated by
dnssec-keygen command.
My zone file is so simple and its look like that i have checked it before
with the named-checkzone and all is good in my file zone.
I changed option -o absolute way of my domain by the option -o my
domain only
William Thierry SAMEN thierry.sa...@gmail.com wrote:
dnssec-signzone: error: dns_master_load: ../etc/toto.com:12: toto.com: not at
top of zone
dnssec-signzone: fatal: failed loading zone from '../etc/toto.com': not at
top of zone
This is because your zone uses an include directive to
William: In my tests of DNSSEC, I have used 'auto-dnsssec maintain;' rather
than explicitly signing the zone with dnssec-signzone. I believe I recall that
you are using bind 9.8, so this should work for you as well. Here's something
you can try:
In your bind configuration use the following
Hi everybody,
sorry for my post i'm not read to bring a light to the 1st problem but to
find help.
I'm triying to sign a zone on Bind 9.8-P1 but i have this message:
*dnssec-signzone: fatal: key myKSK.key not at origin*
I just want help if someone has been confronted with this kind of message
William Thierry SAMEN thierry.sa...@gmail.com wrote:
I'm triying to sign a zone on Bind 9.8-P1 but i have this message:
*dnssec-signzone: fatal: key myKSK.key not at origin*
It means the zone name in the key is not the same as the zone you are
signing.
Tony.
--
f.anthony.n.finch
dnssec-signzone: fatal: key myKSK.key not at origin
What are the contents of myKSK.key?
The format is mydomain.com. IN DNSKEY ... where mydomain.com is the domain
origin.
Jeffry A. Spain
Network Administrator
Cincinnati Country Day School
___
Please
Spain, Dr. Jeffry A. spa...@countryday.net wrote:
Checking your two name servers, 8.8.8.8 (google-public-dns-a.google.com)
doesn't appear to offer DNSSEC validation, and 78.46.213.227
(rms.coozila.com) doesn't respond to my query at all.
It's worse than that. Google Public DNS doesn't support
I am trying to validate DNSSEC signature on ns record using dig.
Domain nox.su is properly signed using DNSSEC.
I am trying to validate it as dicribed here:
http://bryars.eu/2010/08/validating-and-exploring-dnssec-with-dig/
$ dig +nocomments +nostats +nocmd +noquestion -t dnskey .
10 matches
Mail list logo
