[Opendnssec-user] dnsruby 1.46 and RSA/SHA-512 algorithm

Antti Ristimäki antti.ristimaki at csc.fi
Wed Mar 9 11:03:44 UTC 2011


Hi,

We are running ODS 1.1.1 and just noticed a tiny issue with the Auditor
and dnsruby 1.46. With this setup, the Auditor failed to verify DS
records with algorithm number 10 (RSA/SHA-512), resulting in the
following log entries:

ods-auditor[7531]: File contains invalid RR : example.com. 21600 IN DS 20853 10 1 ea2434bda7fa5430cb988e4afb59666439af7910, ERROR : #<Dnsruby::DecodeError:0x2b9c2c4732b0> - skipping this record
ods-auditor[7531]: File contains invalid RR : example.com. 21600 IN DS 20853 10 2 22d3db940b53c393233599db3e94ef7a536babf56148f56431337fa0cd39a152, ERROR : #<Dnsruby::DecodeError:0x2b9c2c46d900> - skipping this record

Algorithm 8 (RSA/SHA-256) worked fine and after upgrading dnsruby to
1.51 the Auditor also passed DS records with algorithm 10. Is this
possibly a known issue with dnsruby 1.46? According to the ODS release
notes, Auditor support for RSA/SHA256 and RSA/SHA512 was added already
in version 1.0.0 so presumably they should have worked even with dnsruby
1.46?

Antti
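
A library-independent sanity check for the two rejected records, as an added example that is not part of the original post and is not OpenDNSSEC or dnsruby code. It assumes the log line layout shown in the post; the function and constant names and the third sample entry are constructed for illustration.

```ruby
# Added example: validate DS records quoted in ods-auditor "invalid RR" log
# lines without dnsruby, to tell malformed data apart from a parser limitation.

# DNSSEC algorithm numbers (IANA registry; 8 and 10 are defined in RFC 5702).
ALGORITHMS = { 5 => 'RSASHA1', 7 => 'RSASHA1-NSEC3-SHA1',
               8 => 'RSASHA256', 10 => 'RSASHA512' }.freeze
# DS digest type => digest length in bytes (1 = SHA-1, 2 = SHA-256).
DIGEST_BYTES = { 1 => 20, 2 => 32 }.freeze

# Log line layout assumed from the two entries in the post.
LOG_RE = /File contains invalid RR : (\S+)\s+\d+\s+IN\s+DS\s+(\d+)\s+(\d+)\s+(\d+)\s+(\h+),/

# Returns nil for lines that are not DS rejections, else a hash with :problems.
def check_ds_log_line(line)
  m = LOG_RE.match(line)
  return nil unless m

  owner, digest = m[1], m[5]
  key_tag, alg, dtype = m[2].to_i, m[3].to_i, m[4].to_i
  problems = []
  problems << "key tag #{key_tag} exceeds 16 bits" if key_tag > 65_535
  problems << "unknown algorithm #{alg}" unless ALGORITHMS.key?(alg)
  if (bytes = DIGEST_BYTES[dtype]).nil?
    problems << "unknown digest type #{dtype}"
  elsif digest.length != bytes * 2
    problems << "digest has #{digest.length} hex chars, expected #{bytes * 2}"
  end
  { owner: owner, key_tag: key_tag, algorithm: ALGORITHMS[alg],
    digest_type: dtype, problems: problems }
end

# The two entries from the post.
POST_LINES = [
  'ods-auditor[7531]: File contains invalid RR : example.com. 21600 IN DS 20853 10 1 ea2434bda7fa5430cb988e4afb59666439af7910, ERROR : #<Dnsruby::DecodeError:0x2b9c2c4732b0> - skipping this record',
  'ods-auditor[7531]: File contains invalid RR : example.com. 21600 IN DS 20853 10 2 22d3db940b53c393233599db3e94ef7a536babf56148f56431337fa0cd39a152, ERROR : #<Dnsruby::DecodeError:0x2b9c2c46d900> - skipping this record'
].freeze
# Constructed entry with a truncated digest, to show a real data fault.
CONSTRUCTED_BAD = 'ods-auditor[1]: File contains invalid RR : example.com. 21600 IN DS 20853 10 2 22d3db94, ERROR : (constructed) - skipping this record'

if __FILE__ == $PROGRAM_NAME
  (POST_LINES + [CONSTRUCTED_BAD]).each do |line|
    r = check_ds_log_line(line)
    verdict = r[:problems].empty? ? 'well-formed; the rejection comes from the parser' : r[:problems].join('; ')
    puts "#{r[:owner]} alg=#{r[:algorithm]} digest_type=#{r[:digest_type]}: #{verdict}"
  end
end
```

Both records from the post pass every field check, so a rejection of this kind points at the validating library rather than at the signed zone data.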



