[Opendnssec-user] SOA record issues - opendnssec-1.4.3
Peter Hunčár
hunci at hunci.sk
Fri Mar 21 15:12:00 UTC 2014
Hello
I want to migrate from BIND to NSD + ODS, the first part is done, but I'm
still getting an error while trying to sign a zone: (replaced my domain
name with example.com, the rest is identical)
[signconf] zone example.com.zone signconf: RESIGN[PT7200S]
REFRESH[PT259200S] VALIDITY[PT1209600S] DENIAL[PT1209600S] JITTER[PT43200S]
OFFSET[PT3600S] NSEC[50] DNSKEYTTL[PT3600S] SOATTL[PT3600S]
MINIMUM[PT3600S] SERIAL[unixtime]
[adapter] unable to add rr to zone: soa record has invalid owner name
[adapter] error adding RR at line 3: @ IN SOA ns.example.com.
hostmaster.example.com. 2014032101 3H 15 1W 3H
[tools] unable to read zone example.com.zone: adapter failed (General error)
[worker[1]] CRITICAL: failed to sign zone example.com.zone: General error
I tried every possible format of the unsigned zone file, the last was:
$ORIGIN example.com.
$TTL 2D ; time to live
@ IN SOA ns.example.com. hostmaster.example.com. (
20140321013H 15 1W 3H )
IN NS ns.example.com.
IN NS ns2.example.com.
IN MX 10 mx1.example.com.
IN MX 20 mx2.example.com.
ns IN A aaa.bbb.ccc.ddd
mx1 IN A ...
.
.
ods-ksmutil zone add --zone example.com.zone
ods-ksmutil update zonelist
Returns no error, but the zone doesn't get signed with the above errors in
log.
If I remove the $ORIGIN line, ods will sign the zone but complains about
out-of-zoe data of course.
OS: FreeBSD 10-release - running in jail
Could you please help?
Thank you
P.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140321/83994e4b/attachment.htm>
More information about the Opendnssec-user
mailing list