[ldns-users] ldns-verify-zone question
Andy Linton
asjl at lpnz.org
Wed Apr 8 01:30:12 UTC 2009
I've just started looking at DNSSEC and I'm using nsd and umbound on my
server ns1.lpnz.org
I've used ldns-signzone to sign notnil.org which gives me a file called
notnil.org.signed - this zone appears to load fine into nsd.
If I run the command:
ldns-verify-zone /etc/nsd/zones/notnil.org.signed
I get output that looks like this for each of the records in the zone file:
Checking: notnil.org.
Error: Error in SSL library for notnil.org. A
28074:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:1294:
28074:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:380:Type=DSA_SIG
Error: Error in SSL library for notnil.org. NS
28074:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:asn1_lib.c:142:
28074:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
header:tasn_dec.c:1281:
28074:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:380:Type=DSA_SIG
Error: Error in SSL library for notnil.org. SOA
28074:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:asn1_lib.c:142:
28074:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
header:tasn_dec.c:1281:
28074:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:380:Type=DSA_SIG
This is running on a debian stable box (kernel is 2.6.8-2-386), the
OpenSSL version is 0.9.8g-15 which is the up to date package for this
system.
More information about the ldns-users
mailing list