Looks like a silly bug that will be simple to fix.
In message prayer.1.3.1.0902161618270.29...@hermes-2.csi.cam.ac.uk, Chris
Thompson writes:
I don't understand the results I am getting from dnssec-dsfromkey
(BIND 9.6.0-P1, Solaris 10_x86, Sun Studio 10 C compiler).
For instance:
$ /usr/local/sbin/dnssec-keygen -a RSASHA1 -b 512 -n ZONE -f KSK test
Ktest.+005+21283
$ cat Ktest.+005+21283.key
test. IN DNSKEY 257 3 5
AwEAAbmcz5O8AzmbwidEoTMkHbaDhr0EfqKsq6WUyXWn5icJgqMTEoBO
T03sgCEDXvnMUNthrV6vBIW9sINCLHzrAJc=
$ /usr/local/sbin/dnssec-dsfromkey Ktest.+005+21283
test. IN DS 26153 5 1 4DB6296434AA1E9C95C6B68AC1A325AFF2BF856A
test. IN DS 61367 154 2
7733D6D7F56602BB709BE521AFB861AEAF522E1A1946AF788EC994C8 259D3882
$ /usr/local/sbin/dnssec-dsfromkey -1 Ktest.+005+21283
test. IN DS 26153 5 1 4DB6296434AA1E9C95C6B68AC1A325AFF2BF856A
$ /usr/local/sbin/dnssec-dsfromkey -2 Ktest.+005+21283
test. IN DS 32741 47 2
344D72A40621EF9F6C6FF665B6CAA8E6165928E0AA33074668668C88 8364E27F
In that case the SHA256 records are inconsistent, but at least the
SHA1 ones came out the same each time...
$ /usr/local/sbin/dnssec-keygen -a RSASHA1 -b 1024 -n ZONE -f KSK test
Ktest.+005+45172
koala:~:2.2166$ cat Ktest.+005+45172.key
test. IN DNSKEY 257 3 5
AwEAAd0QNMsmSdlyOmMCQX95VS/cOVCK18PorGVmpptTz/pZaCKuErxT
RLNEnJb1qDw7HoFu2uSs40YhiqI4p/gyBwcK
Tj3qr+hGLqX1+zQ6Gf5T SQJEMysWgmFrsqxaUx5M1V1HykprwP+td1rTUPktsrRX3y9JhftYjgCr
jlxhz2x1
koala:~:2.2167$ /usr/local/sbin/dnssec-dsfromkey Ktest.+005+45172
test. IN DS 57820 5 1 4154C73FB7759E846C90092E8EF5CE16FB2630C3
test. IN DS 361 36 2 1F88F1C881EA4353C838C56837161A1719B03CE57FA74015CACD3611
9BC82F22
koala:~:2.2168$ /usr/local/sbin/dnssec-dsfromkey -1 Ktest.+005+45172
test. IN DS 57820 5 1 B05B7CD38865DED8B4C2F3360764DFF6B3C7C86C
koala:~:2.2169$ /usr/local/sbin/dnssec-dsfromkey -2 Ktest.+005+45172
test. IN DS 60190 254 2
85FEA41A86A84F76E067180884E8A86943870F8FE0554DE81E834306 92EE1DEF
... but this time the SHA1 digests come out differently as well!
Does dnssec-dsfromkey behave properly for others?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users