subject:"Strange results from dnssec\-dsfromkey"

Re: Strange results from dnssec-dsfromkey

2009-02-18 Thread Chris Thompson


I wrote:


I don't understand the results I am getting from dnssec-dsfromkey
(BIND 9.6.0-P1, Solaris 10_x86, Sun Studio 10 C compiler).

[...]

Does dnssec-dsfromkey behave properly for others?


and Mark Andrews wrote:


Looks like a silly bug that will be simple to fix.


This is just a follow-up to say that ISC have kindly provided me with
a fix that works:

2559.   [bug]   dnssec-dsfromkey could compute bad DS records when
   reading from a K* files.  [RT #19357]

which will presumably be in the next 9.6.x version.

--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Strange results from dnssec-dsfromkey

2009-02-16 Thread Mark Andrews


Looks like a silly bug that will be simple to fix.

In message prayer.1.3.1.0902161618270.29...@hermes-2.csi.cam.ac.uk, Chris 
Thompson writes:
 I don't understand the results I am getting from dnssec-dsfromkey
 (BIND 9.6.0-P1, Solaris 10_x86, Sun Studio 10 C compiler).
 
 For instance:
 
 $ /usr/local/sbin/dnssec-keygen -a RSASHA1 -b 512 -n ZONE -f KSK test
 Ktest.+005+21283
 
 $ cat Ktest.+005+21283.key
 test. IN DNSKEY 257 3 5 
 AwEAAbmcz5O8AzmbwidEoTMkHbaDhr0EfqKsq6WUyXWn5icJgqMTEoBO 
 T03sgCEDXvnMUNthrV6vBIW9sINCLHzrAJc=
 
 $ /usr/local/sbin/dnssec-dsfromkey Ktest.+005+21283
 test. IN DS 26153 5 1 4DB6296434AA1E9C95C6B68AC1A325AFF2BF856A
 test. IN DS 61367 154 2 
 7733D6D7F56602BB709BE521AFB861AEAF522E1A1946AF788EC994C8 259D3882
 
 $ /usr/local/sbin/dnssec-dsfromkey -1 Ktest.+005+21283
 test. IN DS 26153 5 1 4DB6296434AA1E9C95C6B68AC1A325AFF2BF856A
 
 $ /usr/local/sbin/dnssec-dsfromkey -2 Ktest.+005+21283
 test. IN DS 32741 47 2 
 344D72A40621EF9F6C6FF665B6CAA8E6165928E0AA33074668668C88 8364E27F
 
 In that case the SHA256 records are inconsistent, but at least the
 SHA1 ones came out the same each time...
 
 $ /usr/local/sbin/dnssec-keygen -a RSASHA1 -b 1024 -n ZONE -f KSK test
 Ktest.+005+45172
 
 koala:~:2.2166$ cat Ktest.+005+45172.key
 test. IN DNSKEY 257 3 5 
 AwEAAd0QNMsmSdlyOmMCQX95VS/cOVCK18PorGVmpptTz/pZaCKuErxT 
 RLNEnJb1qDw7HoFu2uSs40YhiqI4p/gyBwcK
 Tj3qr+hGLqX1+zQ6Gf5T SQJEMysWgmFrsqxaUx5M1V1HykprwP+td1rTUPktsrRX3y9JhftYjgCr 
 jlxhz2x1
 
 koala:~:2.2167$ /usr/local/sbin/dnssec-dsfromkey Ktest.+005+45172
 test. IN DS 57820 5 1 4154C73FB7759E846C90092E8EF5CE16FB2630C3
 test. IN DS 361 36 2 1F88F1C881EA4353C838C56837161A1719B03CE57FA74015CACD3611 
 9BC82F22
 
 koala:~:2.2168$ /usr/local/sbin/dnssec-dsfromkey -1 Ktest.+005+45172
 test. IN DS 57820 5 1 B05B7CD38865DED8B4C2F3360764DFF6B3C7C86C
 
 koala:~:2.2169$ /usr/local/sbin/dnssec-dsfromkey -2 Ktest.+005+45172
 test. IN DS 60190 254 2 
 85FEA41A86A84F76E067180884E8A86943870F8FE0554DE81E834306 92EE1DEF
 
 ... but this time the SHA1 digests come out differently as well!
 
 Does dnssec-dsfromkey behave properly for others?
 
 -- 
 Chris Thompson
 Email: c...@cam.ac.uk
 
 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Strange results from dnssec-dsfromkey

Re: Strange results from dnssec-dsfromkey

2 matches

Site Navigation

Mail list logo

Footer information