matthijs at NLnetLabs.nl
Mon Jul 11 09:30:59 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
The auditor produces this error log message. It checks whether the
signer created NSEC3s for all authoritative records. If this message
turns up, it thinks the signer missed a NSEC3 record.
If the A record was indeed an authoritative record, the auditor is
If the A record is a glue record, I think the auditor is producing a
Which version of OpenDNSSEC are you working with?
On 07/08/2011 04:03 PM, Bryton wrote:
> I am getting this error when signing my zone.
> Found RRs for xxx.xxx.co.tz (bo8ab4f09kaijcqoe2ugg2oqd4snk3rl.tz) which
> was not covered by an NSEC3 record
> I want to understand what it means.
> I removed the A record for xxx.xxx.co.tz and sign it works but since
> removing its not an option I did put it back and resign and it was ok
> again this time.
> Now I would like to understand what is the meaning of this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Opendnssec-user