[ldns-users] ldns-verify-zone question

Ondřej Surý ondrej at sury.org
Wed Apr 8 12:32:36 UTC 2009


Andy,

could you do:

apt-cache policy libssl0.9.8
apt-cache policy libldns1
apt-cache policy ldnsutils

and

ldd /usr/bin/ldns-verify-zone

And send output here?

Ondrej (who happens to be ldns maintainer in debian ;)

On Wed, Apr 8, 2009 at 03:30, Andy Linton <asjl at lpnz.org> wrote:
> I've just started looking at DNSSEC and I'm using nsd and unbound on my
> server ns1.lpnz.org
>
> I've used ldns-signzone to sign notnil.org which gives me a file called
> notnil.org.signed - this zone appears to load fine into nsd.
>
> If I run the command:
>
> ldns-verify-zone /etc/nsd/zones/notnil.org.signed
>
> I get output that looks like this for each of the records in the zone file:
>
> Checking: notnil.org.
> Error: Error in SSL library for notnil.org.     A
> 28074:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1294:
> 28074:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=DSA_SIG
> Error: Error in SSL library for notnil.org.     NS
> 28074:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
> 28074:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1281:
> 28074:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=DSA_SIG
> Error: Error in SSL library for notnil.org.     SOA
> 28074:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
> 28074:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1281:
> 28074:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=DSA_SIG
>
> This is running on a debian stable box (kernel is 2.6.8-2-386), the
> OpenSSL version is 0.9.8g-15 which is the up to date package for this
> system.



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/


