Bind 9.8 with DNSSEC and Thales nShield HSM

2011-03-18 Thread Zbigniew Jasiński
I conducted DNSSEC tests with Bind 9.8 (also 9.7.3) and a Thales nShield HSM. Everything compiled fine, and I was able to generate keys and list keys on the HSM: # pkcs11-list -p xxx object[0]: handle 1120 class 3 label[6] 'example-KSK' id[0] object[1]:

Re: DNSSEC auto-dnssec issue bind-9.7.2-P3

2011-01-25 Thread Zbigniew Jasiński
On 2011-01-24 17:47, Kalman Feher wrote: This appears to be the problem. I copied your NSEC3PARAM (opt out clear, 12 iterations) details but could not replicate it. Try turning up the logging to get more information about why the nsec3param is

Re: DNSSEC auto-dnssec issue bind-9.7.2-P3

2011-01-24 Thread Zbigniew Jasiński
On 2011-01-21 15:17, Kalman Feher wrote: Perhaps we are getting close to the problem then. Can you show the content of the key files? Specifically the metadata which the maintain option wants. Since allow works I'm assuming that key file

Re: DNSSEC auto-dnssec issue bind-9.7.2-P3

2011-01-21 Thread Zbigniew Jasiński
On 2011-01-19 18:38, Hauke Lampe wrote: Another thing you might check: With dnssec-enable no; in named.conf, BIND still does its automatic DNSSEC signing but won't add RRSIG to responses. I ran across such a configuration lately. Your

Re: DNSSEC auto-dnssec issue bind-9.7.2-P3

2011-01-21 Thread Zbigniew Jasiński
On 2011-01-21 11:23, Kalman Feher wrote: The only way I can replicate the behaviour is with dnssec-enable no or with an unsigned version of the zone in another view. Assuming you've not overlapped your views in such a way (it was a very

Re: DNSSEC auto-dnssec issue bind-9.7.2-P3

2011-01-19 Thread Zbigniew Jasiński
On 2011-01-17 15:39, Kalman Feher wrote: Have you tried more sane times? Those don't look like sensible times even for a test, which is probably why BIND isn't signing. I think you are below the sensitivity level for BIND to sign