[Opendnssec-user] Auditor failing to verify signatures which appear to be ok
Dave Knight
dave at knig.ht
Thu Mar 18 16:26:35 UTC 2010
On 2010-03-18, at 11:58 AM, Alexd at nominet.org.uk wrote:
> > I have to imagine that I am hitting a bug in the Auditor.
>
> Yes!
>
> I will make sure I find a fix.
>
> FWIW, this behaviour does not occur in the trunk (soon to be 1.1) version of OpenDNSSEC (not due to changes in the auditor).
>
> Thanks for the report,
Possibly useful data point...
I was signing in-addr-servers.arpa with NSEC and SHA256 and the auditor didn't like it.
I just created a new policy for NSEC3 and SHA256, signed the zone with that and the auditor likes it fine.
dave
More information about the Opendnssec-user
mailing list