Nenhum RRSIG encontrado

3

Eu tive um vencimento do dnssec e, depois de refazer tudo, recebi o seguinte erro Nenhum RRSIG encontrado na depuração do verisign

Estes são os passos exatos que uso para produzir a chave e as assinaturas. Que passo eu senti falta?

etapas:

emailer1 opendkim # dnssec-keygen -f KSK -r /dev/urandom -a RSASHA256 -b 2048 -n ZONE nyctelecomm.com
Generating key pair...............+++ ...................+++
Knyctelecomm.com.+008+63409

emailer1 opendkim # dnssec-keygen -r /dev/urandom -a RSASHA256 -b 2048 -n ZONE nyctelecomm.com
Generating key pair............+++ ...............+++
Knyctelecomm.com.+008+30369

emailer1 opendkim # ls
keys                                 nyctelecomm.com.external
KeyTable                             old
Knyctelecomm.com.+008+30369.key      opendkim.conf
Knyctelecomm.com.+008+30369.private  SigningTable
Knyctelecomm.com.+008+63409.key      TrustedHosts
Knyctelecomm.com.+008+63409.private

emailer1 opendkim # mv Knyctelecomm.com.+008+63409.key Knyctelecomm.com.ksk.key 

emailer1 opendkim # mv Knyctelecomm.com.+008+63409.private Knyctelecomm.com.ksk.private

emailer1 opendkim # mv Knyctelecomm.com.+008+30369.key Knyctelecomm.com.zsk.key 

emailer1 opendkim # mv Knyctelecomm.com.+008+30369.private Knyctelecomm.com.zsk.private

emailer1 opendkim # ls
keys                          Knyctelecomm.com.zsk.key      opendkim.conf
KeyTable                      Knyctelecomm.com.zsk.private  SigningTable
Knyctelecomm.com.ksk.key      nyctelecomm.com.external      TrustedHosts
Knyctelecomm.com.ksk.private  old

emailer1 opendkim # nano nyctelecomm.com.external

emailer1 opendkim # pwd
/etc/opendkim

emailer1 opendkim # nano nyctelecomm.com.external

emailer1 opendkim # dnssec-signzone -e20150330000000 -p -t -g -k Knyctelecomm.com.ksk.key -o nyctelecomm.com nyctelecomm.com.external Knyctelecomm.com.zsk.key
Verifying the zone using the following algorithms: RSASHA256.
Zone fully signed:
Algorithm: RSASHA1: KSKs: 0 active, 0 stand-by, 0 revoked
                    ZSKs: 0 active, 1 stand-by, 0 revoked
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked
                      ZSKs: 1 active, 0 stand-by, 0 revoked
nyctelecomm.com.external.signed
Signatures generated:                       35
Signatures retained:                         0
Signatures dropped:                          0
Signatures successfully verified:            0
Signatures unsuccessfully verified:          0
Signing time in seconds:                 0.052
Signatures per second:                 662.790
Runtime in seconds:                      0.058

emailer1 opendkim # ls
dnssec-technotes.txt      Knyctelecomm.com.ksk.private     old
dsset-nyctelecomm.com.    Knyctelecomm.com.zsk.key         opendkim.conf
keys                      Knyctelecomm.com.zsk.private     SigningTable
KeyTable                  nyctelecomm.com.external         TrustedHosts
Knyctelecomm.com.ksk.key  nyctelecomm.com.external.signed

emailer1 pri # dnssec-dsfromkey -1 -f nyctelecomm.com.external.signed nyctelecomm.com
nyctelecomm.com. IN DS 57076 8 1 E597070570CCDAF5407B6E688D2B55A708D7BE43

E então eu atualizo o godaddy para refletir o novo DS

    
por mine 19.12.2014 / 22:43

0 respostas