Uploaded image for project: 'Support'
  1. Support
  2. SUPPORT-61

Invalid signatures generated

    XMLWordPrintable

    Details

    • Type: Support
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: OpenDNSSEC 1.4.0
    • Fix Version/s: None
    • Component/s: Signer
    • Labels:
      None
    • Environment:

      FreeBSD 8.1 (x86)

      Description

      After re-initializing our tokens in SoftHSM with a different label and configuring OpenDNSSEC to use the new tokens, everything worked fine for about a week.

      Then, all of a sudden we started getting validation errors from validns. It seems the signates for the DNSKEY and SOA RR's where invalid, but we couldn't discover why. We finally tried rolling the KSK and we haven't seen the error for two days since then. We are preparing to move our signed zone into production, but we can't until we understand what caused the error.

      Attached is the output from jdnssec-tools which we used to debug the problem, with no luck.

        Attachments

          Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. OPENDNSSEC-426 Clean working directory when reinitialize enforcer database

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              einarb Einar Bjarni Halldórsson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: