trouble with dnssec signed zone on secondary.

Måns Nilsson mansaxel at
Thu Jan 6 11:28:42 UTC 2005

--On torsdag 6 januari 2005 09.51 +0100 Ted Lindgreen <ted at>

> [Quoting =?ISO-8859-1?Q?M=E5ns_Nilsson?=, on Jan  6,  2:13, in "trouble
> with dnssec  ..."] ...
>> This is only somewhat related to nsd, but someone else must have hit
>> it.=20 I am having trouble AXFRing a signed zone -- named-xfer v.latest
>> does not recognise the file format and writes a zone file that zonec
>> barfs on.=20
> Yes, this is a known problem of BIND-8.
> There is a fix (appended) to prevent the BIND-8 named-xfer writing
> out a zonefile with syntax errors, but this will still not produce
> the correct DNSSEC zonefile, because BIND-8 does not understand the
> special handling of the DS.
> We have an NSD version of named-xfer, but it is not yet released (it
> will soon be after quality assurance checks).

Thanks for the confirmation of my suspicions,

Måns Nilsson         Systems Specialist
+46 70 681 7204         KTHNOC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <>

More information about the nsd-users mailing list