[Opendnssec-user] Signature problem
Paul Wouters
paul at nohats.ca
Wed Jul 17 03:20:21 UTC 2013
On Tue, 16 Jul 2013, Mathieu Arnold wrote:
> Yesterday, my monitoring reported a lot of faulty zones, validns complained
> of :
>
> # validns -p all -z 1-wire.fr master/1-wire.fr.signed
> master/1-wire.fr.signed:15: 1-wire.fr. RRSIG(SOA): cannot verify the
> signature
>
> Attached the zone. Was generated by opendnssec 1.4.1 on a FreeBSD 9.1.
for the record, ldns agrees the signature is bad:
paul at bofh:$ ldns-verify-zone 1-wire.fr.signed
Checking: 1-wire.fr.
Error: Bogus DNSSEC signature for 1-wire.fr. SOA
Checking: _keyword.1-wire.fr.
Checking: localhost.1-wire.fr.
Checking: www.1-wire.fr.
There were errors in the zone
More information about the Opendnssec-user
mailing list