[Opendnssec-user] Strange issue w/ OpenDNSSEC 1.3.0rc3

Carlos M. Martinez carlos at lacnic.net
Thu Jun 16 19:18:14 UTC 2011


Followup:

I deleted and re-added the zones with this problem (179.in-addr.arpa and
3.1.1.0.0.2.ip6.arpa) as I had to perform other changes as well (a
different policy from "default" and a new way of fetching the zones from
the servers that generate them) and the problem is now gone.

Thank you to all who responded, I will keep you posted if this happens
again.

regards,

Carlos

On 6/16/11 11:45 AM, Carlos M. Martinez wrote:
> Hi all,
>
> I might be doing something wrong myself, so please don't be afraid to
> let me know it :-)
>
> Situation: OpenDNSSEC 1.2.1 operating fine, only small glitches here and
> there but nothing serious. Zones being signed, keys being rollover'd.
>
> I upgraded to OpenDNSSEC 1.3.0rc3 while keeping all XML config files I
> had from 1.2.1 (I know, my lazy side took the best of me), except that I
> disabled the Auditor.
>
> Now everything seems to work fine (that is daemons are up, no errors
> reported on logs, etc), but the signed zones only have RRSIGs for the
> DNSKEY records. Really strange. Neither SOA nor NS-sets (the zones I'm
> signing are LACNIC's region reverse zones, for example 179.in-addr.arpa)
> have RRSIGs.
>
> You can check it out:
>
> dig +dnssec 179.in-addr.arpa soa -> no RRSIG
> dig +dnssec 179.in-addr.arpa dnskey -> good-looking RRSIG ;)
>
> I checked the signed zone files directly (i thought this could be an
> artifact of EDNS no getting through or something like that) but the
> "missing" RRSIGs are not in the file either.
>
> warm regards
>
> Carlos
>
>
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-- 
Carlos M. Martinez
LACNIC I+D
PGP KeyID 0xD51507A2
Phone: +598-2604-2222 ext. 4419

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110616/499a3322/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: carlos.vcf
Type: text/x-vcard
Size: 194 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110616/499a3322/attachment.vcf>


More information about the Opendnssec-user mailing list