[Opendnssec-user] Auditor failing to verify signatures which appear to be ok

Dave Knight dave at knig.ht
Thu Mar 18 16:26:35 UTC 2010

On 2010-03-18, at 11:58 AM, Alexd at nominet.org.uk wrote:

> > I have to imagine that I am hitting a bug in the Auditor.
> Yes! 
> I will make sure I find a fix. 
> FWIW, this behaviour does not occur in the trunk (soon to be 1.1) version of OpenDNSSEC (not due to changes in the auditor). 
> Thanks for the report, 

Possibly useful data point...

I was signing in-addr-servers.arpa with NSEC and SHA256 and the auditor didn't like it. 

I just created a new policy for NSEC3 and SHA256, signed the zone with that and the auditor likes it fine.


More information about the Opendnssec-user mailing list