Improved SSL Error Logging [RT #29932]

2012-10-10 Thread David Kreindler
BIND 9.7.7, 9.8.4 and 9.9.2 have "improved" OpenSSL error logging. Unfortunately, our logs are now filling up with "RSA_verify failed" messages. How does one go about tracking down the source of these failures and correcting them? (We are running OpenSSL 1.0.1c.)

Re: Intermittent Zone Signing Failures

2012-06-02 Thread David Kreindler
Switching from openssl-1.0.1 to openssl-0.9.8 seems to have fixed the problem. On 2 Jun 2012, at 9:57 AM, David Kreindler wrote: > Running BIND 9.9.1, 9.9.0 or 9.7.6 on AIX 5.2, we are experiencing > intermittent failures signing zones, both with named and with dnssec-signzone. > &

Intermittent Zone Signing Failures

2012-06-02 Thread David Kreindler
Running BIND 9.9.1, 9.9.0 or 9.7.6 on AIX 5.2, we are experiencing intermittent failures signing zones, both with named and with dnssec-signzone. We first noticed the problem when BIND 9.9.1's inline signing resulted in zones with missing RRSIGs. When we turned off "auto-dnssec maintain" & "inl

Re: BIND 9.9.0 Inline-Signing Out of Control

2012-03-05 Thread David Kreindler
Thanks for the suggestion. After 48 sets of IXFRs and more than 1200 SOA serial increments, the system finished signing the zone. Manually incrementing the (unsigned) SOA serial now results in just one more set of IXFRs. It would have been helpful if somewhere in the documentation we were warn

Re: BIND 9.9.0 Inline-Signing Out of Control

2012-03-05 Thread David Kreindler
he servers notifying each other? On 2 Mar 2012, at 5:13 PM, David Kreindler wrote: > When BIND 9.9.0 was released, we started converting our DNSSEC-signed zones > to inline signing. > > Everything went smoothly with all but one of our zones ("pesky.zone", below). > With t

BIND 9.9.0 Inline-Signing Out of Control

2012-03-02 Thread David Kreindler
When BIND 9.9.0 was released, we started converting our DNSSEC-signed zones to inline signing. Everything went smoothly with all but one of our zones ("pesky.zone", below). With that zone, after named signed it and completed an AXFR-style IXFR to each of four slaves, it proceeded to start repea

Re: named 9.6.1 Filling wtmp

2010-01-22 Thread David Kreindler
On 22 Jan 2010, at 7:25 AM, David Kreindler wrote: > On 21 Jan 2010, at 7:21 PM, Mark Andrews wrote: > >> In message <6b845b73-065f-4e8b-afa5-408ecdbe7...@govnet.state.vt.us>, David Kreindler writes: >>> We have BIND 9.6.1-P3 running on several AI

Re: named 9.6.1 Filling wtmp

2010-01-22 Thread David Kreindler
On 21 Jan 2010, at 7:21 PM, Mark Andrews wrote: > In message <6b845b73-065f-4e8b-afa5-408ecdbe7...@govnet.state.vt.us>, David Kreindler writes: >> We have BIND 9.6.1-P3 running on several AIX 5.3 servers. On one of them, named is filling /var/adm/wtmp with numerous entries like the follo

named 9.6.1 Filling wtmp

2010-01-21 Thread David Kreindler
We have BIND 9.6.1-P3 running on several AIX 5.3 servers. On one of them, named is filling /var/adm/wtmp with numerous entries like the following. user pts/1 pts/1 7 1327240 1264089183 host-NN.domain Thu Jan 21 10:53:03 EST 2010 named 8 2572472 1264089217