[ldns-users] GOST algorithm validation does not work
Zbynek Michl
zbynek.michl at nic.cz
Thu Jul 1 14:45:24 UTC 2010
Hi,
I am trying to validate signed domain name using GOST algorithm, but
unsuccessfully (ldns r3283, openssl 1.0.0a).
Here is an input of ldns_verify():
www.m-system.net. 76874 IN A 69.64.81.2
www.m-system.net. 76874 IN RRSIG A 12 3 86400 20100723062450 20100623062450
64666 m-system.net.
ZKhex8zNMVcLnHFHt31y5cOlngVWBHTH5AxhCK2VPK3Jz6RrvFK21F9thuMErAyIIFj0GLadJpNTEAuSkwzubA==
;{id = 64666}
m-system.net. 76874 IN DNSKEY 256 3 12
vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ==
;{id = 64666 (zsk), size = 512b}
m-system.net. 76874 IN DNSKEY 257 3 12
BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5QylNxyKp9Rm4yslb1hj4BQUEUWpOLWw==
;{id = 27152 (ksk), size = 512b}
ldns_verify() result: Bogus DNSSEC signature
What could be wrong? Domain name signature should be OK as far as I know.
Thanks,
Zbynek
More information about the ldns-users
mailing list