[Opendnssec-user] Signature failed to cryptographically verify

Jerry Lundström jerry at opendnssec.org
Mon Jun 2 07:27:18 UTC 2014

Hi Gilles,

On fre, 2014-05-30 at 16:05 +0200, Gilles Massen wrote:
> I have an error with a zone, and I'm baffled were it comes from. The
> auditor (yes, still using it) complains about "Signature failed to
> cryptographically verify, tag = 54711" for about any signature for a
> given zone.

If you could share the logs it would help, also if you can get the logs
with a high verbosity on the Signer.

> I tries ods-signer clear, stopping opendnssec and removing all zone
> related temp files manually, replacing the entire ods-tree with a known
> good config from another server - same errors.

What do you mean with "ods-tree" ?

> I have no clue where this comes from, or what could be the trigger, let
> alone the cause.
> Any hints would be very appreciated...

Have you tried validating the zone with validns? Does it give an error

> BTW: opendnssec 1.3.14

Can you upgrade to the latest 1.3 version (1.3.17) and test? Maybe on a
test platform if you do not want to upgrade production right away.

Jerry Lundström - OpenDNSSEC Developer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 643 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140602/de8a23cc/attachment.bin>

More information about the Opendnssec-user mailing list