-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Ralf,
Tried myself, and it works well for me. Do you have openssl 0.9.8 (or newer) ? 0.9.7 does not do SHA256 I think; and that could cause the validation failure - since none of the trust anchors work. Best regards, Wouter Ralf Weber wrote: > Moin! > > RIPE recently published all there trust anchors as zone file format as > DS records with SHA256 as digest algorithm. Now I seem to have problems > when I use this file with unbound 1.2.1 as trust-anchor-file. Some keys > seem to work, some not. One that does not work is: > ripe.net. DS 7543 5 2 > A281F1D5BB5DE2FA435D77C0989321D757EA0FACED1CC7643D1ED6E64A4D3999 > now when I generate an SHA1 DS record out of the key it does work > perfectly. > ripe.net. DS 7543 5 1 5f4134815032c5b39b02b9d248bbf49de44e1297 > Here's the verbosity 3 output of a failed lookup to www.ripe.net using > the first DS as trust anchor: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmcCLcACgkQkDLqNwOhpPj6hgCgkLNqyNzcHO4No23NMGuAoN+5 P90AoIqaaAkXoNhwQlYYupgVfQZLsJ4R =B9j5 -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
