Hello James, On Jan 27, 2012, at 12:35 , James Cloos wrote:
> After: > > :; pdnssec add-zone-key example.net zsk ecdsa256 > > I get: > > :; pdnssec show-zone example.net > > Zone has hashed NSEC3 semantics, configuration: 1 1 1 ab > Zone is not presigned > keys: > ... [ previous keys elided ] ... > ID = 888 (ZSK), tag = 8888, algo = 8, bits = 256 Active: 0 > > and: > > :; dig @localhost example.net. dnskey +tcp > ... [ other data elided ] ... > example.net. 3600 IN DNSKEY 256 3 8 AAA= > > (I've confirmed that the dig results I elided match the previous ksk > and zsk keys I also elided. Those previous keys are algo=8 and are > reported correcly as such.) > > (The ID, tag and name were changed to protect the innocent. :) I've tried to reproduce your issue using the current SVN version of PowerDNS, and while I've run into a few minor glitches, I see nothing that looks like your problem. The weirdest thing about your report is the 'algo=8' (which is also the '8' in the DNSKEY response) - algorithm 8 is RSA/SHA256; ecdsa256 is algorithm 13. Are you sure you're looking at this right? Kind regards, Peter van Dijk _______________________________________________ Pdns-dev mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-dev
