<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial" size="2">
<div>-----BEGIN PGP SIGNED MESSAGE-----</div>
<div>Hash: SHA256</div>
<div> </div>
<div>Hi</div>
<div> </div>
<div>I am setting up an education environment based on OpenDNSSEC. In this environment I want to have my own root. The resolvers will be configured with this root. My root will be signed with OpenDNSSEC. But I cannot sign it.</div>
<div> </div>
<div>My first attempt was to use this configuration:</div>
<div> </div>
<div>        <Zone name="."></div>
<div>                <Policy>default</Policy></div>
<div>                <SignerConfiguration>/var/opendnssec/signconf/root.xml</SignerConfiguration></div>
<div>                <Adapters></div>
<div>                        <Input></div>
<div>                                <File>/var/cache/bind/unsigned/root</File></div>
<div>                        </Input></div>
<div>                        <Output></div>
<div>                                <File>/var/cache/bind/signed/root</File></div>
<div>                        </Output></div>
<div>                </Adapters></div>
<div>        </Zone></div>
<div> </div>
<div>The Signer was able to sign the zone and the result looked ok. I get files like:</div>
<div>..finalized</div>
<div>..sorted</div>
<div> </div>
<div>But the Auditor fails with:</div>
<div>Feb 12 15:51:02 TeacherODS-LAB ods-auditor[2687]: SOA name () is different to the configured zone name (.) - aborting </div>
<div> </div>
<div>So I tried with a second configuration:</div>
<div> </div>
<div>        <Zone name=""></div>
<div>                <Policy>default</Policy></div>
<div>                <SignerConfiguration>/var/opendnssec/signconf/root.xml</SignerConfiguration></div>
<div>                <Adapters></div>
<div>                        <Input></div>
<div>                                <File>/var/cache/bind/unsigned/root</File></div>
<div>                        </Input></div>
<div>                        <Output></div>
<div>                                <File>/var/cache/bind/signed/root</File></div>
<div>                        </Output></div>
<div>                </Adapters></div>
<div>        </Zone></div>
<div> </div>
<div>And now the Signer fails:</div>
<div> </div>
<div>Feb 12 15:57:57 TeacherODS-LAB ods-signerd: Run command: '/usr/local/libexec/opendnssec/sorter -o  -f /var/cache/bind/unsigned/root -w /var/opendnssec/tmp/.sorted -m 3600 -t 3600'</div>
<div>Feb 12 15:57:57 TeacherODS-LAB ods-signerd: stderr from sorter: Error, no zone name specified (-o)</div>
<div> </div>
<div>How should you configure OpenDNSSEC to sign the root? How do we want OpenDNSSEC to behave?</div>
<div> </div>
<div>// Rickard</div>
<div> </div>
<div>-----BEGIN PGP SIGNATURE-----</div>
<div>Version: 9.8.3 (Build 4028)</div>
<div>Charset: utf-8</div>
<div> </div>
<div>wsBVAwUBS3Vvf+CjgaNTdVjaAQiDCQf+Ol8Q+1ixqfjPHoiT4t0R0PjR3eZuYg6A</div>
<div>XqE7KFaXykzaoaJV2IKMr5PcNuP/Hol2CwLzwSxnJtGZrHNM1gu3Y8tCxS4r7fYG</div>
<div>C05HOSdBNMgMkyzfIo2t+77emRcHnimsF3f9v2qWpA+2AaxhezqiqvQCGQIFAPgN</div>
<div>FI0aQh/zCUv6tZe/9b48md56m5eVaE3+3RL5rL9OkLm105X9m0wi9zUi61FvkRFL</div>
<div>Qaj5UJ9AbKeacPujba3O075MQQaNpxBBk2viXTis5uHZdJgGw+iDMSzGrFILzLtH</div>
<div>1AaCgolVAfeTj2gicasY6UcYxMaZMwdrAttBh4NCFWqoNMxlvdFAsA==</div>
<div>=zmSU</div>
<div>-----END PGP SIGNATURE-----</div>
<div> </div>
<div> </div>
</font>
</body>
</html>