Package: pdns-server Version: 3.1-4 Severity: important Dear Maintainer,
After installing, I did the following: pdnssec secure-zone kumina.nl pdnssec add-zone-key kumina.nl zsk ecdsa256 256 pdnssec activate-zone-key kumina.nl 16 I then get the following in the log when I request a record from that zone: Jan 11 09:12:44 pdns-master pdns[22359]: Exception building answer packet (CryptoMaterial: this object contains invalid values) sending out servfail pdnssec show-zone also shows the key as being algorithm 8 instead of 13: Zone has NSEC semantics Zone is not presigned keys: ID = 13 (KSK), tag = 10682, algo = 8, bits = 2048 Active: 1 KSK DNSKEY = kumina.nl IN DNSKEY 257 3 8 AwEAAYpSCMo/Ti7I2aZZLEILwCVF6W0xzhXDY/nV5LHjblmjHxv+4E3JnLcsPjAnNnFc6Jb1u4XLbgaxas+EExUYsezoS1WUzSVqf643z4Rs6AcYKdVY7qLfzgRwPW0DiDjHRxawqnl0cNaL7NRMwGG/e8Eg7HCdcSNcMDr6r2mrvAtHka6roH7qw+GkKOwsR3cE9hGHoeIg4KS+TlR4C9zF/yc5KOTfI7TbcQPiyLLRIz+StGmBpVIkjfroUevdpiiJ2xMOQyR7QgyCXXgyzhBKSmx8hjKZhsCVIA71blpJo9/yVhwRSX3IHXiXa1fAiNlk6GIMPJFcGFPUW/nibzsZntM= DS = kumina.nl IN DS 10682 8 1 ad61b310e025c7ac4e72cc106b2b7e7ee4ae4fa0 DS = kumina.nl IN DS 10682 8 2 b4cc14b1acdb3d78a901e6d4b8b441a2ae9b92159c83acb2e4f50ed2a3fdc9ed ID = 14 (ZSK), tag = 55575, algo = 8, bits = 1024 Active: 1 ID = 15 (ZSK), tag = 54753, algo = 8, bits = 1024 Active: 0 ID = 16 (ZSK), tag = 1032, algo = 8, bits = 256 Active: 0 This bug has been reported upstream[0] and has been fixed in SVN commit 3036. The patch applies cleanly to the debian sources (tested using a quilt patch) and works as expected. Please add it to the powerdns in Debian to make sure people don't end up with broken authoritative server. 0- wiki.powerdns.com/trac/ticket/670 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages pdns-server depends on: ii adduser 3.113+nmu3 ii debconf [debconf-2.0] 1.5.49 ii libboost-program-options1.49.0 1.49.0-3.1 ii libboost-serialization1.49.0 1.49.0-3.1 ii libc6 2.13-37 ii libcrypto++9 5.6.1-6 ii libgcc1 1:4.7.2-4 ii liblua5.1-0 5.1.5-4 ii libpolarssl0 1.1.4-1 ii libsqlite3-0 3.7.13-1 ii libstdc++6 4.7.2-4 ii ucf 3.0025+nmu3 ii zlib1g 1:1.2.7.dfsg-13 pdns-server recommends no packages. Versions of packages pdns-server suggests: ii pdns-backend-mysql [pdns-backend] 3.1-4 pn pdns-recursor <none> -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
