[Opendnssec-develop] Problem with signing
Matthijs Mekking
matthijs at NLnetLabs.nl
Mon Oct 26 10:03:03 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Rick,
Rick Zijlker wrote:
> Hey,
>
> (First of all, I think we should decide where I should send these kinds
> of issues in upcoming teleconf)
Develop is the right location, imo.
> I am having troubles signing my own created zone. At first it seemed
> creation in notepad (copy/paste) resulted in tabs and nonbreakable
> spaces, but when opening it with vi and removing strange marks it looks
> like the zone is signed, though it didn’t get in
> /var/opendnssec/signed/. I do see a signed zone in the
> /var/opendnssec/tmp. I looks like the auditor fails to approve the zone
> after signing.
Correct, if you remove the <Audit></Audit> from the configuration, the
signer engine will output the zone.
> This is the log:
...
> It looks like the auditor is still seeing those “unbreakable
> spaces/tabs” but it did get signed in tmp directory:
Looks like...
...
>
> Although this signed zone doesn’t seem right to me. Haven’t checked it
> right now. I feel like there is missing entries.
I did not encounter this. All 5 records were there in the signed
zonefile, including signatures. Two NSEC3 records were added.
To conclude, I think this is an auditor issue.
Best regards,
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJK5XPVAAoJEA8yVCPsQCW5IOkIAKFnaP0E/da6Ak0T0PBwDefL
21WJfxdC1KmNqDlnj8Cd6gM7X+yQ32GQaLH+lO3aJp3jcFch0izMrmqD1psjTCCr
ood3JZe0gMLcAJk8JCBkrX/g2o8K9pvxxds+bw+O5lggNoM+HLCtiY0ZfVcqWyzF
nyrg/NUrfGlbyC4B7WV/GWuw7mQsAwZXneRUPuT8V5vBBw+Much0SAIlZltk9cH/
bgodzcbPoqwzUlDkZxexXScttTCuxuxuRf9sua6jhL5sOMd9noHlT9wXuJ0zKiUK
TaZkFkHaSL0E2GVxtthPQ3LE05ZcQZD+filnld4xJifzqkpTMrbqAbUsYvJF9KY=
=5oXR
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list