bryton at tznic.or.tz
Mon Jul 11 09:50:19 UTC 2011
I am using OpenDNSSEC 1.2.1.The record is actually a glue record.
On 07/11/2011 12:30 PM, Matthijs Mekking wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> The auditor produces this error log message. It checks whether the
> signer created NSEC3s for all authoritative records. If this message
> turns up, it thinks the signer missed a NSEC3 record.
> If the A record was indeed an authoritative record, the auditor is
> validly complaining.
> If the A record is a glue record, I think the auditor is producing a
> false negative.
> Which version of OpenDNSSEC are you working with?
> Best regards,
> On 07/08/2011 04:03 PM, Bryton wrote:
>> I am getting this error when signing my zone.
>> Found RRs for xxx.xxx.co.tz (bo8ab4f09kaijcqoe2ugg2oqd4snk3rl.tz) which
>> was not covered by an NSEC3 record
>> I want to understand what it means.
>> I removed the A record for xxx.xxx.co.tz and sign it works but since
>> removing its not an option I did put it back and resign and it was ok
>> again this time.
>> Now I would like to understand what is the meaning of this.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----
More information about the Opendnssec-user