[Opendnssec-user] Zone not properly signed

Yuri Schaeffer yuri at nlnetlabs.nl
Tue Jul 19 18:54:58 UTC 2016

Hi Volker,

Quite a bit of problems since 1.4.6 have surfaced regarding SOA serial
and XFR (bump-in-wire setups). We have worked very hard to resolve those
and the latest result of that is 1.4.10. Please consider upgrading, it
is very likely to fix whatever bug you are facing.

Your message doesn't contain much information so I have no idea why your
new ZSK is producing bad signatures. Hopefully you can repair it by
resigning your zone:

ods-signer clear voja.de
ods-signer sign voja.de


On 19-07-16 14:36, Volker Janzen wrote:
> Hi,
> my monitoring found one zone in OpenDNSSEC that was not properly signed.
> It's the domain I'm sending from: voja.de.
> I found that one of my slaves had a wrong serial for the zone, I forced
> him to fetch the current zone, but that does not solve my issue.
> I backed up the signed zone file that was broken. dnsviz has the error
> in it's history. This entry is the last that was working:
> http://dnsviz.net/d/voja.de/V40wvQ/dnssec/
> As of it's an important domain I forced the domain to go insecure at the
> registry level, because I already found validating resolvers that are no
> longer able to resolve the zone.
> What steps can I do to find out what might have gone wrong?
> I'm running OpenDNSSEC 1.4.6 on Debian Jessie.
> Regards,
>    Volker
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160719/a2adf018/attachment.bin>

More information about the Opendnssec-user mailing list