[Opendnssec-user] TLSA

Mathieu Arnold mat at mat.cc
Tue Dec 4 16:05:11 UTC 2012


Hi,

Ok, upgraded ldns, all is good now.

I get some strange behavior, (v1.3.10), though...

Say, I do :

$ ods-signer sign absolight.net

and in the logs, I get :

Dec  4 17:02:50 ns1 ods-signerd: [scheduler] unable to unschedule task
[read] for zone absolight.net: not scheduled

and :

$ ods-signer queue | grep absolight.net
On Tue Dec  4 23:58:09 2012 I will [read] zone absolight.net

but it does not reschedule it for right now...

+--On 4 décembre 2012 14:25:27 +0100 Matthijs Mekking
<matthijs at nlnetlabs.nl> wrote:
| Hi Mathieu,
| 
| OpenDNSSEC depends on LDNS for supported RRtypes. You should link against
| ldns 1.6.16 if you want to do TLSA.
| 
| Best regards,
|    Matthijs
| 
| On 12/04/2012 01:44 PM, Mathieu Arnold wrote:
|> Hello,
|> 
|> While having lunch, I discovered TLSA records, and I wanted to give it a
|> spin, but...
|> 
|> Dec  4 13:40:53 ns1 ods-signerd: [adapter] error parsing RR at line 17
|> (Syntax error, could not parse the RR's rdata): _443._tcp.mat.cc.
|> 86400 IN TLSA 3 0 1
|> D6731A11F7F79A6E38757E0F48589A6887735E33BE2A2E6D033BE16A E969EDFE
|> 
|> Wondering if TLSA is not supported, or if the one I have is malformed...
|> :-)
|> 
| 
| 



-- 
Mathieu Arnold



More information about the Opendnssec-user mailing list