[Opendnssec-user] Error
Matthijs Mekking
matthijs at NLnetLabs.nl
Mon Jul 11 09:30:59 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The auditor produces this error log message. It checks whether the
signer created NSEC3s for all authoritative records. If this message
turns up, it thinks the signer missed a NSEC3 record.
If the A record was indeed an authoritative record, the auditor is
validly complaining.
If the A record is a glue record, I think the auditor is producing a
false negative.
Which version of OpenDNSSEC are you working with?
Best regards,
Matthijs
On 07/08/2011 04:03 PM, Bryton wrote:
> I am getting this error when signing my zone.
>
> Found RRs for xxx.xxx.co.tz (bo8ab4f09kaijcqoe2ugg2oqd4snk3rl.tz) which
> was not covered by an NSEC3 record
>
> I want to understand what it means.
>
> I removed the A record for xxx.xxx.co.tz and sign it works but since
> removing its not an option I did put it back and resign and it was ok
> again this time.
>
>
> Now I would like to understand what is the meaning of this.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOGsLSAAoJEA8yVCPsQCW5JO8H/jO1NaPMZ5XJRFzPEdoYSG9Q
F+mIF3ErQn72P6c8CAq4W9cvV0TbRxOd+uoal3wVrztvlb5IpMtuX9gz0pH51AZ5
eoKwvZK0dX6CkTKtRXuBqTV8e8SA5CvYhI8yZHKm2eDaK393yGwA8veav7XzF399
/Up8OidrtZ+v5YIGyUG0CGEe4kHryy3LROvRdvvJzxnbYgVZ58RupyOCjag7sPjS
YBEoEK0kpY1fayaa9OniNBt68Rziw349BuOQgYeGb2+9NRZyZTFJfdLeUywpp9NO
9mOeqzJOztZLneAJoDS4aC+yFo/sKcXEoxiz5CCMHMAsWhv1aUByd+eE2Zu0Fl8=
=z+qT
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list