Migrating to a New Cryptographic Suite

2010-07-26 Thread xu dong 
Hi,

   I am running a test about the DNSSEC on my name servers. At present, i
use the algorithm RSASHA-1 for DNSKEY, but i want migrate the RSASHA-1 to
RSASHA-256, when i resigning the zone,it failed. so i wonder if  DNSSEC
supporting migrating RSASHA-1  to RSASHA-256 smoothly?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

update failed: SERVFAIL

2010-01-25 Thread xu dong 
Hi,
   I have a problem about the DDNS ,When I nsupdated the master dns server
under with dnssec,but it failed as following:

*r...@root:/var/named/chroot/etc# nsupdate -d
 server 192.168.225.130 5353
 update add test.net 900 A 5.5.5.5

Reply from SOA query:
;; -HEADER- opcode: QUERY, status: NOERROR, id:  32603
;; flags: qr aa ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;test.net.IN  SOA

;; AUTHORITY SECTION:
net. 300 IN  SOA dns.net. dns.net.
2010011806 10800 60 604800 10800

Found zone name: net
The master is: dns.net
Sending update to 192.168.225.130#5353
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id:  30960
;; flags: ; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
;; UPDATE SECTION:
dns.net. 900 IN  A   5.5.5.5

 Reply from update query:
;; -HEADER- opcode: UPDATE, status: SERVFAIL, id:  30960
;; flags: qr ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
 *

But when i nsupdated the master dns server without dnssec, it succeed. So I
don't know why?

-- 
-
Xudong
email:xudon...@gmail.com
Beijing,China
-
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Signing with the KSK and ZSK

2009-12-07 Thread xu dong 
Hi folks, i have a question about signing zone files with the ksk and the
zsk, as i know,when signing the zone files i have to use the ksk and zsk
both,just as following:

*dnssec-signzone -o domain-name -t -k KSK zone-name ZSK*
but i want to sign the ZSK with KSK first,and then sign the zone files with
zsk,so how can i do?

Thanks.
-- 
-
Xudong
email:xudon...@gmail.com
Beijing,China
-
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users