Hi,

I cannot reproduce the bug. I made a simple zone as follows:

------------------------------------------------------------------------
@       IN SOA  dns.example.co.jp. root.example.co.jp. (
                2010071205 10800 3600 604800 86400 )
;
        IN NS   dns.example.co.jp.
;
dns     IN A    192.168.1.10
;
------------------------------------------------------------------------

And here is the log that I tested.

>henr...@hp115:~/tmp/dnssectools-test$ zonesigner -genkeys -endtime +2678400
>example.co.jp
>
> if zonesigner appears hung, strike keys until the program completes
> (see the "Entropy" section in the man page for details)
>
>Generating key pair................................++++++ .............++++++
>Generating key pair...................................................++++++
>........++++++
>Generating key pair...+++
>......................................................+++
>dnssec-signzone: warning: example.co.jp.zs:1: no TTL specified; using SOA
>MINTTL instead
>Verifying the zone using the following algorithms: RSASHA1.
>Zone signing complete:
>Algorithm: RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
>                    ZSKs: 1 active, 1 stand-by, 0 revoked
>
>zone signed successfully
>
>example.co.jp:
> KSK (cur) 25402 -b 2048 07/12/10 (example.co.jp-signset-3)
> ZSK (cur) 50133 -b 1024 07/12/10 (example.co.jp-signset-1)
> ZSK (pub) 23271 -b 1024 07/12/10 (example.co.jp-signset-2)
>
>zone will expire in 4 weeks, 3 days, 0 seconds
>DO NOT delete the keys until this time has passed.
>henr...@hp115:~/tmp/dnssectools-test$ ls
>Kexample.co.jp.+005+23271.key Kexample.co.jp.+005+25402.key
>Kexample.co.jp.+005+50133.key dsset-example.co.jp. example.co.jp.krf
>Kexample.co.jp.+005+23271.private Kexample.co.jp.+005+25402.private
>Kexample.co.jp.+005+50133.private example.co.jp example.co.jp.signed
>henr...@hp115:~/tmp/dnssectools-test$ zonesigner -zone example.co.jp
>./example.co.jp
>
> if zonesigner appears hung, strike keys until the program completes
> (see the "Entropy" section in the man page for details)
>
>dnssec-signzone: warning: ./example.co.jp.zs:1: no TTL specified; using SOA
>MINTTL instead
>Verifying the zone using the following algorithms: RSASHA1.
>Zone signing complete:
>Algorithm: RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
>                    ZSKs: 1 active, 1 stand-by, 0 revoked
>
>zone signed successfully
>
>example.co.jp:
> KSK (cur) 25402 -b 2048 07/12/10 (example.co.jp-signset-3)
> ZSK (cur) 50133 -b 1024 07/12/10 (example.co.jp-signset-1)
> ZSK (pub) 23271 -b 1024 07/12/10 (example.co.jp-signset-2)
>
>zone will expire in 4 weeks, 3 days, 0 seconds
>DO NOT delete the keys until this time has passed.

No problem with that.

You said
>> | unable to update serial number in ./zonefile

Is the SOA serial number in your zonefile correct?
Could you send the zonefile to me privately? I'll help to test it if you can.

--
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane