On Sat, 29 Jan 2011 13:23:53 +0100, bert hubert wrote:
> On Sat, Jan 29, 2011 at 10:30:47AM +0100, Christof Meerwald wrote:
>> On Sat, 29 Jan 2011 00:38:12 +0100, Christof Meerwald wrote:
>> > That's really excellent news - I have just migrated my 2 nameservers
>> > to SVN revision 1928 and signed one of the zones (btw, the setup is:
>> > master using bind backend for the zone data and gsqlite3 for the key
>> > data - slave is using gsqlite3 and AXFR from master). Let's see what
>> > happens...
>>
>> Hmm, I still don't understand DNSSEC well enough to really make some
>> sense of it all, but there are certainly some strange things here:
>
> Indeed.
>
>> The zone I am testing with is cmeerw.priv.at, master dns is
>> ns.cmeerw.net and slave is ns2.cmeerw.net (and trying to use nsec3).
>
> Ok, so the setup is that both ns and ns2 have all the keying materials, and
> ns serves a pre-signed zone over AXFR.

I'll just concentrate on the setup for now, as it might be the cause of the
subsequent issues.

There is no keying material on ns2 - the zone is set up as SLAVE and I have
also done a "pdnssec set-presigned" and "pdnssec set-nsec3" on ns2. So db
just contains (in addition to records received via AXFR):

sqlite> select * from domains;
3|cmeerw.net|84.200.12.152|1296307777|SLAVE||
4|cmeerw.priv.at|84.200.12.152|1296307417|SLAVE||
sqlite> select * from domainmetadata;
1|4|PRESIGNED|1
2|4|NSEC3PARAM|1 0 1 ab
sqlite> select * from cryptokeys;
sqlite>

ns.cmeerw.net reads the zone data for cmeerw.priv.at from the bind backend
and has the keying information in the db:

sqlite> select * from domains;
9|cmeerw.priv.at|||NATIVE||
sqlite> select * from records where domain_id=9;
sqlite> select * from domainmetadata;
1|9|NSEC3PARAM|1 0 1 ab

pdnssec show-zone cmeerw.priv.at shows:

Zone has hashed NSEC3 semantics, configuration: 1 0 1 ab
Zone is not presigned
keys:
ID = 1 (KSK), tag = 43519, algo = 8, bits = 2048 Active: 1
KSK DNSKEY = cmeerw.priv.at IN DNSKEY 257 3 8 AwEAAait7iglyLwXL1SzhoKZOXgVLsseaq2jFyW/vnda80UWMeZm60QDguYb39Yp5vFD1zI+Fc7Zg+NikFPsYudbW750LOHFtuShO8s3/6p7uyO6OpXsmG4bQSOOFoNuYr1b8rSYnEMFVZF/iKH/CSk7AazA7P9VBAgSmXcVQ/3rO4teelfiZYERf9NqUFadn5eGgEmpZFovBNtO2DzuiDBb3GCDp7XDzam6LUeVHQgus0JRN7sKnFK0wuAFhZ5rvd/CuJkVOY/3ev5v+gOtTGelkypum88MzMhLaDPREZqLghzObAv0cAzG57dZDsHnn5BhkPHNIzdJMGMMNqhyDGn0nq8=
DS = cmeerw.priv.at IN DS 43519 8 1 bb4eea726314bd78fe5f82dc93acba51bb4a26ca
DS = cmeerw.priv.at IN DS 43519 8 2 89757ce2660f081ade93a220efa3228d0ad3fa55a3ad10cd3eb307954df700bf
Error: Request to create key object for unknown algorithm number 12


Christof

-- 
http://cmeerw.org
sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org
xmpp:cmeerw at cmeerw.org
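Added example, not part of the original post and not PowerDNS code: how the NSEC3PARAM value "1 0 1 ab" shown in the domainmetadata rows above (hash algorithm 1 = SHA-1, flags 0, 1 additional iteration, salt 0xab) turns an owner name into the hashed label used in NSEC3 records, following RFC 5155. The function names are illustrative, and both servers must hold the same parameters for their hashed names to agree.

```python
import base64
import hashlib

# Translate the standard base32 alphabet to base32hex (RFC 4648, section 7),
# which is the encoding NSEC3 owner labels use.
_B32_TO_B32HEX = str.maketrans(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    "0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def parse_nsec3param(text):
    """Split 'algorithm flags iterations salt' into typed fields."""
    algo, flags, iterations, salt = text.split()
    salt_bytes = b"" if salt == "-" else bytes.fromhex(salt)  # "-" = no salt
    return int(algo), int(flags), int(iterations), salt_bytes


def wire_name(name):
    """Canonical (lower-cased) DNS wire format of a domain name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if not label:
            continue  # root name: no labels before the terminator
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def nsec3_hash(name, nsec3param):
    """Hashed owner label for `name` under the given NSEC3PARAM string."""
    algo, _flags, iterations, salt = parse_nsec3param(nsec3param)
    if algo != 1:
        raise ValueError("only NSEC3 hash algorithm 1 (SHA-1) is defined")
    # IH(salt, x, 0) = H(x || salt); each iteration re-hashes digest || salt.
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    b32 = base64.b32encode(digest).decode("ascii")
    return b32.translate(_B32_TO_B32HEX).lower()


if __name__ == "__main__":
    # Zone apex and parameters as they appear in the post.
    print(nsec3_hash("cmeerw.priv.at", "1 0 1 ab") + ".cmeerw.priv.at.")
```

The "iterations" field counts additional rounds, so "1 0 1 ab" means two SHA-1 passes in total.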