[Opendnssec-user] Error

Bryton bryton at tznic.or.tz
Mon Jul 11 09:50:19 UTC 2011


I am using OpenDNSSEC 1.2.1.The record is actually a glue record.

On 07/11/2011 12:30 PM, Matthijs Mekking wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> The auditor produces this error log message. It checks whether the
> signer created NSEC3s for all authoritative records. If this message
> turns up, it thinks the signer missed a NSEC3 record.
>
> If the A record was indeed an authoritative record, the auditor is
> validly complaining.
>
> If the A record is a glue record, I think the auditor is producing a
> false negative.
>
> Which version of OpenDNSSEC are you working with?
>
> Best regards,
>    Matthijs
>
>
> On 07/08/2011 04:03 PM, Bryton wrote:
>>   I am getting this error when signing my zone.
>>
>> Found RRs for xxx.xxx.co.tz (bo8ab4f09kaijcqoe2ugg2oqd4snk3rl.tz) which
>> was not covered by an NSEC3 record
>>
>> I want to understand what it means.
>>
>> I removed the A record for xxx.xxx.co.tz and sign it works but since
>> removing its not an option I did put it back and resign and it was ok
>> again this time.
>>
>>
>> Now I would like to understand what is the meaning of this.
>>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJOGsLSAAoJEA8yVCPsQCW5JO8H/jO1NaPMZ5XJRFzPEdoYSG9Q
> F+mIF3ErQn72P6c8CAq4W9cvV0TbRxOd+uoal3wVrztvlb5IpMtuX9gz0pH51AZ5
> eoKwvZK0dX6CkTKtRXuBqTV8e8SA5CvYhI8yZHKm2eDaK393yGwA8veav7XzF399
> /Up8OidrtZ+v5YIGyUG0CGEe4kHryy3LROvRdvvJzxnbYgVZ58RupyOCjag7sPjS
> YBEoEK0kpY1fayaa9OniNBt68Rziw349BuOQgYeGb2+9NRZyZTFJfdLeUywpp9NO
> 9mOeqzJOztZLneAJoDS4aC+yFo/sKcXEoxiz5CCMHMAsWhv1aUByd+eE2Zu0Fl8=
> =z+qT
> -----END PGP SIGNATURE-----


-- 
Regards,
Bryton.




More information about the Opendnssec-user mailing list