Hi Volker, Quite a bit of problems since 1.4.6 have surfaced regarding SOA serial and XFR (bump-in-wire setups). We have worked very hard to resolve those and the latest result of that is 1.4.10. Please consider upgrading, it is very likely to fix whatever bug you are facing.
Your message doesn't contain much information so I have no idea why your new ZSK is producing bad signatures. Hopefully you can repair it by resigning your zone: ods-signer clear voja.de ods-signer sign voja.de ///Yuri On 19-07-16 14:36, Volker Janzen wrote: > Hi, > > my monitoring found one zone in OpenDNSSEC that was not properly signed. > It's the domain I'm sending from: voja.de. > > I found that one of my slaves had a wrong serial for the zone, I forced > him to fetch the current zone, but that does not solve my issue. > > I backed up the signed zone file that was broken. dnsviz has the error > in it's history. This entry is the last that was working: > http://dnsviz.net/d/voja.de/V40wvQ/dnssec/ > > As of it's an important domain I forced the domain to go insecure at the > registry level, because I already found validating resolvers that are no > longer able to resolve the zone. > > What steps can I do to find out what might have gone wrong? > > I'm running OpenDNSSEC 1.4.6 on Debian Jessie. > > > Regards, > Volker > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
