[Opendnssec-develop] Re: [OpenDNSSEC] #246: Kaspcheck validates kasp.xml when NSEC3 algorithm is 0
OpenDNSSEC
owner-dnssec-trac at kirei.se
Tue Jun 28 08:31:49 UTC 2011
#246: Kaspcheck validates kasp.xml when NSEC3 algorithm is 0
--------------------------------+-------------------------------------------
Reporter: Nick van den Heuvel | Owner: rb
Type: defect | Status: new
Priority: minor | Component: Unknown
Version: 1.3.0 | Resolution:
Keywords: 1.3.0rc3 |
--------------------------------+-------------------------------------------
Comment (by rb):
I get this in the latest v1.3
{{{
rickard at fou:~$ sudo ods-kaspcheck
/etc/opendnssec/conf.xml validates
/home/rickard/opendnssec/kasp.xml validates
WARNING: Keys/PublishSafety (0 seconds) in Policy1 policy in
/home/rickard/opendnssec/kasp.xml is less than 0.1 * TTL (60 seconds)
WARNING: Keys/RetireSafety (0 seconds) in Policy1 policy in
/home/rickard/opendnssec/kasp.xml is less than 0.1 * TTL (60 seconds)
WARNING: Keys/PublishSafety (0 seconds) in Policy2 policy in
/home/rickard/opendnssec/kasp.xml is less than 0.1 * TTL (900 seconds)
WARNING: Keys/RetireSafety (0 seconds) in Policy2 policy in
/home/rickard/opendnssec/kasp.xml is less than 0.1 * TTL (900 seconds)
ERROR: NSEC3 Hash algorithm is 0 but should be 1
rickard at fou:~$ sudo ods-ksmutil update kasp
MySQL database schema set to: opendnssec
MySQL database user set to: opendnssec
MySQL database password set
zonelist filename set to /home/rickard/opendnssec/zonelist.xml.
kasp filename set to /home/rickard/opendnssec/kasp.xml.
/etc/opendnssec/conf.xml validates
/home/rickard/opendnssec/kasp.xml validates
WARNING: Keys/PublishSafety (0 seconds) in Policy1 policy in
/home/rickard/opendnssec/kasp.xml is less than 0.1 * TTL (60 seconds)
WARNING: Keys/RetireSafety (0 seconds) in Policy1 policy in
/home/rickard/opendnssec/kasp.xml is less than 0.1 * TTL (60 seconds)
WARNING: Keys/PublishSafety (0 seconds) in Policy2 policy in
/home/rickard/opendnssec/kasp.xml is less than 0.1 * TTL (900 seconds)
WARNING: Keys/RetireSafety (0 seconds) in Policy2 policy in
/home/rickard/opendnssec/kasp.xml is less than 0.1 * TTL (900 seconds)
ERROR: NSEC3 Hash algorithm is 0 but should be 1
ods-kaspcheck returned an error, please check your policy
Failed to update policies
}}}
--
Ticket URL: <http://trac.opendnssec.org/ticket/246#comment:1>
OpenDNSSEC <http://www.opendnssec.org/>