[Opendnssec-user] Ubuntu 10.10 - Signing issues

Derek Brodeur dazednkonfused at gmail.com
Thu Mar 1 23:12:38 UTC 2012


Thanks for the reply,

I didn't think I had, I thought it automatically did that when I used

ods-signer sign example.com

I removed the DNSKEY from the unsigned file and did

ods-ksmutil setup

and then

ods-signer sign example.com

it seemed to get rid of the error but..

I am still receiving the SOA differs error, I understand it tries to
increment that number but I thought that was automatic... even if I
increment it myself, it still gives me the error?

What should I be changing, do I need to download a different time package
or something?

Thanks, Derek

(I hope this posts as it is supposed to)

On Thu, Mar 1, 2012 at 3:14 AM, Matthijs Mekking <matthijs at nlnetlabs.nl>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> Also, the signer initially tries to increment the serial with respect to
> the serial in the unsigned zone. Therefore, the warning
>
> Feb 29 15:31:21 ubuntu ods-signerd: [data] unable to use unixtime
> 1330558281 as serial: not greater than inbound serial 2011022003
>
> is shown.
>
> Best regards,
>  Matthijs
>
>
>
> On 03/01/2012 08:53 AM, Jerry Lundström wrote:
> > Hi Derek,
> >
> > The problem you seem to have might be because you have added a DNSKEY
> > to the unsigned zone with algorithm RSASHA1 and the rest of the signed
> > zone is signed with algorithm RSASHA256. Auditor detects this and
> > expect every signed entry to have all algorithms.
> >
> > Could I ask why you added a DNSKEY to the unsigned zone?
> >
> > /Jerry
> > _______________________________________________
> > Opendnssec-user mailing list
> > Opendnssec-user at lists.opendnssec.org
> > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJPTy/PAAoJEA8yVCPsQCW5oUIIAIH353ngLFEtwAQaL7WPNNi6
> E/wLeoaUti8nBwRfssEFcWUzYYSk48HoOzMsDJH+IQEaLPs0/fj94DLMtuBuEZT3
> z6Tqb5YJs9/nJAA0r6JEbcrBc6wpd83OSnAkkdTEO02DQsmcDMAMZrpX+1yRiONn
> fEpLIUMttIalyao5JfFLL5+tLxkpxJKeQ3C95nLo1LCWSwSHURf8vLP2ZGSkD/wU
> X01PpjHEFAnLDo/7AiXhzNLvpEoNBLRQ1SeQtK1a4URjN+QCXh4qcDq4YEpIbKDT
> Uou/Bs0FmOyScQlffNcakBG/au/B03RuOvJNJfve2MtNjLs0iE4Ph2fbd/Z+Emo=
> =2++U
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120301/08fe908e/attachment.htm>


More information about the Opendnssec-user mailing list