[Pdns-dev] Invalid signer in RRSIG for CNAME where CNAME target zone is on the same server

Jimmy Bergman jimmy at atomia.com
Mon Dec 12 14:23:43 CET 2011


Just wanted to give heads up to the ones using the powerdns DNSSEC support
in production that
a client of mine ran into a problem with CNAME's pointing to another zone
on the same server.

For such zones the RRSIG got an invalid signer name, causing validating
bind resolvers to SERVFAIL.

A description of the problem and a patch can be found at:

Best Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20111212/86576f1c/attachment.htm>

More information about the Pdns-dev mailing list