[Opendnssec-develop] Re: [OpenDNSSEC] #69: OpenDNSSEC + DLV (isc.org)

OpenDNSSEC owner-dnssec-trac at kirei.se
Tue Jan 5 21:46:46 CET 2010

#69: OpenDNSSEC + DLV (isc.org)
Reporter:  archi.laurent@…          |       Owner:  rb                        
    Type:  defect                   |      Status:  new                       
Priority:  trivial                  |   Component:  Unknown                   
 Version:  trunk                    |    Keywords:  OpenDNSSEC + DLV (isc.org)

Comment(by rb):

 Why have you copied the DNSKEY+RRSIG and NSEC3+RRSIG back to your original
 zone file? If you are doing this then you have forgotten to copy the other
 RRSIGs which belong to the other RRs.

 This is how it should look like:

 Unsigned zone file -> OpenDNSSEC -> Signed zone file (a new file created
 by OpenDNSSEC) -> BIND (or whatever nameserver you are using)

 No need to copy anything. OpenDNSSEC will create the signed zone file
 which you load into BIND (this is done automatically if you have
 <NotifyCommand> in conf.xml).

Ticket URL: <http://trac.opendnssec.org/ticket/69#comment:4>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list