Carlos M. Martinez carlos at lacnic.net
Thu Jun 16 14:45:46 UTC 2011

Hi all,

I might be doing something wrong myself, so please don't be afraid to
let me know it :-)

Situation: OpenDNSSEC 1.2.1 operating fine, only small glitches here and
there but nothing serious. Zones being signed, keys being rollover'd.

I upgraded to OpenDNSSEC 1.3.0rc3 while keeping all XML config files I
had from 1.2.1 (I know, my lazy side took the best of me), except that I
disabled the Auditor.

Now everything seems to work fine (that is, daemons are up, no errors
reported in the logs, etc.), but the signed zones only have RRSIGs for the
DNSKEY records. Really strange. Neither SOA nor NS-sets (the zones I'm
signing are LACNIC's region reverse zones, for example 179.in-addr.arpa)
have RRSIGs.

You can check it out:

dig +dnssec 179.in-addr.arpa soa -> no RRSIG
dig +dnssec 179.in-addr.arpa dnskey -> good-looking RRSIG ;)

I checked the signed zone files directly (I thought this could be an
artifact of EDNS not getting through or something like that) but the
"missing" RRSIGs are not in the file either.

Carlos M. Martinez
PGP KeyID 0xD51507A2
Phone: +598-2604-2222 ext. 4419
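
A check for the symptom described in this message, added here as an example and not part of the original post or of OpenDNSSEC: it reads a signed zone file and reports which RRsets at the zone apex have no covering RRSIG. The function names, the one-record-per-line file layout and the sample records are assumptions constructed for illustration.

```python
# Added example: audit which apex RRsets of a signed zone carry an RRSIG.
# Assumption: one record per line, written as
#   owner TTL class type rdata...   (absolute owner names)

def apex_signature_report(zone_text, origin):
    """Return {rrtype: has_rrsig} for every RRset at the zone apex."""
    origin = origin.lower().rstrip(".") + "."
    present, covered = set(), set()
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 5 or fields[0].lower() != origin:
            continue                              # directive, blank or non-apex
        rrtype = fields[3].upper()
        if rrtype == "RRSIG":
            covered.add(fields[4].upper())        # first rdata field: type covered
        else:
            present.add(rrtype)
    return {t: t in covered for t in sorted(present)}


def unsigned_apex_types(zone_text, origin):
    """List apex RR types that have no RRSIG covering them."""
    report = apex_signature_report(zone_text, origin)
    return [t for t, signed in report.items() if not signed]


# Constructed sample reproducing the reported state: only DNSKEY is signed.
# Key and signature data are placeholders, not real values.
SAMPLE_ZONE = """\
179.in-addr.arpa. 86400 IN SOA ns.example.net. hostmaster.example.net. 2011061601 7200 3600 604800 3600
179.in-addr.arpa. 86400 IN NS ns.example.net.
179.in-addr.arpa. 3600 IN DNSKEY 257 3 8 Y29uc3RydWN0ZWQ=
179.in-addr.arpa. 3600 IN RRSIG DNSKEY 8 3 3600 20110701000000 20110616000000 12345 179.in-addr.arpa. c2lnbmF0dXJl
0.179.in-addr.arpa. 86400 IN NS ns.child.example.
"""

if __name__ == "__main__":
    for rrtype, signed in apex_signature_report(SAMPLE_ZONE, "179.in-addr.arpa").items():
        print(f"{rrtype:8} {'signed' if signed else 'NO RRSIG'}")
```

Only apex records are checked because delegation NS sets below the apex are not signed in a correctly signed zone either, so their missing RRSIGs would be false positives.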

