[Opendnssec-user] NSEC3 failure?

Havard Eidnes he at uninett.no
Fri Apr 1 15:09:33 UTC 2016


>>> Does anyone have an idea what more needs to be done to zero in on
>>> this problem?
>>
>> Hmm. My first guess would be that it involves a resalt. Your log lines
>> seem to indicate that no new NSECS are being generated. Yet a resign
>> solves the problem. Could you compare the NSEC3PARAM from the failing
>> zone to the one after the manual resign?
>
> It seems this was a correct hunch, ref. my other posting. 

...and if I'm not terribly mistaken, the three zones which have been
flagged in this way (yep, two more popped up) so far have all been
added to our OpenDNSSEC setup after we upgraded to 1.4.9.

Regards,

- Håvard



More information about the Opendnssec-user mailing list