[Opendnssec-user] Zone not properly signed
voja at voja.de
Tue Jul 19 19:29:01 UTC 2016
I can confirm that
ods-signer clear voja.de
ods-signer sign voja.de
fixes my problem.
The 1.4.6 is the latest available version for Debian Jessie. The 1.4.10 package is available from testing/unstable only. I need to evaluate if I can upgrade the signer VM to Debian testing. Is there anything I need to look for when migrating from 1.4.6 to 1.4.10?
> Am 19.07.2016 um 20:54 schrieb Yuri Schaeffer <yuri at nlnetlabs.nl>:
> Hi Volker,
> Quite a bit of problems since 1.4.6 have surfaced regarding SOA serial
> and XFR (bump-in-wire setups). We have worked very hard to resolve those
> and the latest result of that is 1.4.10. Please consider upgrading, it
> is very likely to fix whatever bug you are facing.
> Your message doesn't contain much information so I have no idea why your
> new ZSK is producing bad signatures. Hopefully you can repair it by
> resigning your zone:
> ods-signer clear voja.de
> ods-signer sign voja.de
>> On 19-07-16 14:36, Volker Janzen wrote:
>> my monitoring found one zone in OpenDNSSEC that was not properly signed.
>> It's the domain I'm sending from: voja.de.
>> I found that one of my slaves had a wrong serial for the zone, I forced
>> him to fetch the current zone, but that does not solve my issue.
>> I backed up the signed zone file that was broken. dnsviz has the error
>> in it's history. This entry is the last that was working:
>> As of it's an important domain I forced the domain to go insecure at the
>> registry level, because I already found validating resolvers that are no
>> longer able to resolve the zone.
>> What steps can I do to find out what might have gone wrong?
>> I'm running OpenDNSSEC 1.4.6 on Debian Jessie.
>> Opendnssec-user mailing list
>> Opendnssec-user at lists.opendnssec.org
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-user