[ldns-users] ldns-signzone ECDSA random failure
Matt Smith
ldns at xtaz.co.uk
Mon Aug 17 20:05:55 UTC 2015
On Aug 17 20:49, Matt Smith wrote:
>If it helps I have saved copies of the syslog, KSK and ZSK keys along
>with the original zone file and the signed zone file if anybody wants
>to examine them.
Actually I've just noticed something that stands out. In a record which
works fine the RRSIG looks like this:

host1.example.com. 3600 IN RRSIG A 13 3 3600
20150914191810 20150817191810 57320 xtaz.uk.
ot+ASP55jXoBrNNqxT5yr3KIO/n+YazEc4NEq0/IpwhB4BucBRiBAiKihAdELzSf+CDTr2X7v8TiqE59mNBeSg==

In one that fails to validate it looks like this:

host2.example.com. 3600 IN RRSIG A 13 3 3600
20150914191810 20150817191810 57320 xtaz.uk.
T0zvO7h5yAxTg5TqtGUAZqdsbj3T4EsvoWDzYOe4QaD/QJKs4eCvBwlLQ2DaQpxNIhd9oOqTWgLeeGL7aRwA

It looks like the signature has been truncated and doesn't have == on
the end of it?

Forgot to say as well, I'm using ldns-tools 1.6.17.
--
Matt
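
Added example, not part of the original message and not ldns code: RFC 6605 fixes the RRSIG signature size at 64 octets for algorithm 13 (ECDSA P-256) and 96 octets for algorithm 14, so the two records quoted above can be compared by decoded length. The sketch assumes one record per line with owner, TTL and class all present; `check_rrsigs` and `decoded_len` are names chosen here.

```python
import base64
import binascii

# Fixed RRSIG signature sizes in octets for the ECDSA algorithms (RFC 6605).
ECDSA_SIG_LEN = {13: 64, 14: 96}

# The two records from the message above, each joined onto one line.
ZONE = """\
host1.example.com. 3600 IN RRSIG A 13 3 3600 20150914191810 20150817191810 57320 xtaz.uk. ot+ASP55jXoBrNNqxT5yr3KIO/n+YazEc4NEq0/IpwhB4BucBRiBAiKihAdELzSf+CDTr2X7v8TiqE59mNBeSg==
host2.example.com. 3600 IN RRSIG A 13 3 3600 20150914191810 20150817191810 57320 xtaz.uk. T0zvO7h5yAxTg5TqtGUAZqdsbj3T4EsvoWDzYOe4QaD/QJKs4eCvBwlLQ2DaQpxNIhd9oOqTWgLeeGL7aRwA
"""


def decoded_len(b64):
    """Return the decoded signature length, or None if not valid base64."""
    b64 = "".join(b64.split())
    try:
        # Pad to a multiple of 4 so unpadded input still decodes.
        padded = b64 + "=" * (-len(b64) % 4)
        return len(base64.b64decode(padded, validate=True))
    except (binascii.Error, ValueError):
        return None


def check_rrsigs(zone_text):
    """Return (owner, covered type, algorithm, sig length, ok) per ECDSA RRSIG."""
    results = []
    for line in zone_text.splitlines():
        f = line.split()
        # owner ttl class RRSIG covered alg labels origttl exp inc tag signer sig
        if len(f) < 13 or f[3] != "RRSIG":
            continue
        alg = int(f[5])
        if alg not in ECDSA_SIG_LEN:
            continue  # only the fixed-length ECDSA algorithms are checked
        n = decoded_len("".join(f[12:]))
        results.append((f[0], f[4], alg, n, n == ECDSA_SIG_LEN[alg]))
    return results


if __name__ == "__main__":
    for owner, rtype, alg, n, ok in check_rrsigs(ZONE):
        status = "ok" if ok else "BAD LENGTH"
        print(f"{owner} {rtype} alg={alg} sig_len={n} {status}")
```

Run over a freshly signed zone before publishing, a check like this flags every ECDSA RRSIG whose length is wrong without needing the keys.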