[Opendnssec-develop] Problem with signing
matthijs at NLnetLabs.nl
Mon Oct 26 10:03:03 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Rick Zijlker wrote:
> (First of all, I think we should decide where I should send these kinds
> of issues in upcoming teleconf)
Develop is the right location, imo.
> I am having troubles signing my own created zone. At first it seemed
> creation in notepad (copy/paste) resulted in tabs and nonbreakable
> spaces, but when opening it with vi and removing strange marks it looks
> like the zone is signed, though it didn’t get in
> /var/opendnssec/signed/. I do see a signed zone in the
> /var/opendnssec/tmp. I looks like the auditor fails to approve the zone
> after signing.
Correct, if you remove the <Audit></Audit> from the configuration, the
signer engine will output the zone.
> This is the log:
> It looks like the auditor is still seeing those “unbreakable
> spaces/tabs” but it did get signed in tmp directory:
> Although this signed zone doesn’t seem right to me. Haven’t checked it
> right now. I feel like there is missing entries.
I did not encounter this. All 5 records were there in the signed
zonefile, including signatures. Two NSEC3 records were added.
To conclude, I think this is an auditor issue.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop