<div>Hello,</div><div><br></div><div>I am currently having issues on a small virtualized infrastructure. I have 3 systems all running ubuntu 10.10</div><div><br></div><div>DNS Server - 192.168.204.200</div><div>Webserver - 192.168.204.100</div>
<div>Client - 192.168.204.50</div><div><br></div><div>I followed the instructions at these tutorials to get DNS working. (<a href="http://www.youtube.com/watch?NR=1&feature=endscreen&v=OUv03JV5SLc">http://www.youtube.com/watch?NR=1&feature=endscreen&v=OUv03JV5SLc</a>)</div>
<div><br></div><div>I was able to do a lookup and visit <a href="http://www.example.com">www.example.com</a> as expected from my client machine, and pull the web site from my web server.</div><div><br></div><div>I did not attempt any other DNSSEC steps at this point, I simply tried installing dependencies and setting up OpenDNSSEC, and am currently having issues with several errors.</div>
<div><br></div><div>Feb 29 14:39:08 ubuntu ods-auditor[30131]: <a href="http://example.com">example.com</a> : SOA differs : from 2011022003 to 2011022004</div><div>Feb 29 14:39:08 ubuntu ods-auditor[30131]: <a href="http://example.com">example.com</a> : Auditing <a href="http://example.com">example.com</a> zone : NSEC SIGNED</div>
<div>Feb 29 14:39:08 ubuntu ods-auditor[30131]: <a href="http://example.com">example.com</a> : DNSKEY RR present in unsigned file : <a href="http://example.com">example.com</a>. 259200 IN DNSKEY 256 3 RSASHA1 ( AwEAAbd5A7tgIfFB+otnAym1dsRwumVptUMj65jqppAxdk17crCSzZEvGW2g1MBFHMEFTsUT5dWb+G9ype5BllsIRtlfdLiGO6LD251G63v65QbET+akIMneBfKnupCM/T7BLMky9WBScA5YHK0SzrUuUvqBNbxbdsvqo/Q4oHlW8a+9 ) ; key_tag=58425</div>
<div>Feb 29 14:39:08 ubuntu ods-auditor[30131]: <a href="http://example.com">example.com</a> : Finished auditing <a href="http://example.com">example.com</a> zone</div><div>Feb 29 14:39:08 ubuntu ods-signerd: [worker[2]] backoff task [read] for zone <a href="http://example.com">example.com</a> with 3600 seconds</div>
<div>Feb 29 15:31:21 ubuntu ods-signerd: [data] unable to use unixtime 1330558281 as serial: not greater than inbound serial 2011022003</div><div><br></div><div>as well as</div><div><br></div><div>Feb 29 15:31:21 ubuntu ods-signerd: [data] unable to use unixtime 1330558281 as serial: not greater than inbound serial 2011022003</div>
<div>Feb 29 15:31:21 ubuntu ods-auditor[30595]: Auditor started</div><div>Feb 29 15:31:22 ubuntu ods-auditor[30595]: Auditor starting on <a href="http://example.com">example.com</a></div><div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : SOA differs : from 2011022003 to 2011022004</div>
<div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : Auditing <a href="http://example.com">example.com</a> zone : NSEC SIGNED</div><div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : RRSIGS should include algorithm RSASHA1 for <a href="http://example.com">example.com</a>, DNSKEY, have : RSASHA256 </div>
<div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : RRSIGS should include algorithm RSASHA1 for <a href="http://example.com">example.com</a>, NS, have : RSASHA256 </div><div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : RRSIGS should include algorithm RSASHA1 for <a href="http://example.com">example.com</a>, SOA, have : RSASHA256 </div>
<div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : RRSIGS should include algorithm RSASHA1 for <a href="http://example.com">example.com</a>, NSEC, have : RSASHA256 </div><div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : DNSKEY RR present in unsigned file : <a href="http://example.com">example.com</a>. 259200 IN DNSKEY 256 3 RSASHA1 ( AwEAAbd5A7tgIfFB+otnAym1dsRwumVptUMj65jqppAxdk17crCSzZEvGW2g1MBFHMEFTsUT5dWb+G9ype5BllsIRtlfdLiGO6LD251G63v65QbET+akIMneBfKnupCM/T7BLMky9WBScA5YHK0SzrUuUvqBNbxbdsvqo/Q4oHlW8a+9 ) ; key_tag=58425</div>
<div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : RRSIGS should include algorithm RSASHA1 for <a href="http://pegasus.example.com">pegasus.example.com</a>, A, have : RSASHA256 </div>
<div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : RRSIGS should include algorithm RSASHA1 for <a href="http://pegasus.example.com">pegasus.example.com</a>, NSEC, have : RSASHA256 </div>
<div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : RRSIGS should include algorithm RSASHA1 for <a href="http://www.example.com">www.example.com</a>, CNAME, have : RSASHA256 </div>
<div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : RRSIGS should include algorithm RSASHA1 for <a href="http://www.example.com">www.example.com</a>, NSEC, have : RSASHA256 </div>
<div>Feb 29 15:31:24 ubuntu ods-auditor[30595]: <a href="http://example.com">example.com</a> : Finished auditing <a href="http://example.com">example.com</a> zone</div><div>Feb 29 15:31:24 ubuntu ods-signerd: [tools] audit failed for zone <a href="http://example.com">example.com</a></div>
<div>Feb 29 15:31:24 ubuntu ods-signerd: [worker[1]] backoff task [read] for zone <a href="http://example.com">example.com</a> with 3600 seconds</div><div><br></div><div>Please let me know if you have suggestions.</div><div>
<br></div><div>Thanks</div>