[ldns-users] ldns-verify-zone question

Jelte Jansen jelte at NLnetLabs.nl
Wed Apr 8 12:54:29 UTC 2009


Andy Linton wrote:
> I've just started looking at DNSSEC and I'm using nsd and unbound on my
> server ns1.lpnz.org
> 
> I've used ldns-signzone to sign notnil.org which gives me a file called
> notnil.org.signed - this zone appears to load fine into nsd.
> 
> If I run the command:
> 
> ldns-verify-zone /etc/nsd/zones/notnil.org.signed
> 
> I get output that looks like this for each of the records in the zone file:
> 
> Checking: notnil.org.
> Error: Error in SSL library for notnil.org.     A
> 28074:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1294:
<snip>

I think you ran into an encoding bug in the conversion from OpenSSL to DNS data
(during signing). If you are running ldns from source, could you please try
the attached patch?

Jelte
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldns_sign_dsa_offset.patch
Type: text/x-diff
Size: 1014 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20090408/10589074/attachment.bin>