[Pdns-dev] ecdsa256 keys bug
Peter van Dijk
peter.van.dijk at netherlabs.nl
Wed Feb 1 16:25:02 CET 2012
Hello James,
On Jan 27, 2012, at 12:35 , James Cloos wrote:
> After:
>
> :; pdnssec add-zone-key example.net zsk ecdsa256
>
> I get:
>
> :; pdnssec show-zone example.net
>
> Zone has hashed NSEC3 semantics, configuration: 1 1 1 ab
> Zone is not presigned
> keys:
> ... [ previous keys elided ] ...
> ID = 888 (ZSK), tag = 8888, algo = 8, bits = 256 Active: 0
>
> and:
>
> :; dig @localhost example.net. dnskey +tcp
> ... [ other data elided ] ...
> example.net. 3600 IN DNSKEY 256 3 8 AAA=
>
> (I've confirmed that the dig results I elided match the previous ksk
> and zsk keys I also elided. Those previous keys are algo=8 and are
> reported correctly as such.)
>
> (The ID, tag and name were changed to protect the innocent. :)
I've tried to reproduce your issue using the current SVN version of PowerDNS, and while I've run into a few minor glitches, I see nothing that looks like your problem. The weirdest thing about your report is the 'algo=8' (which is also the '8' in the DNSKEY response) - algorithm 8 is RSA/SHA256; ecdsa256 is algorithm 13. Are you sure you're looking at this right?
Kind regards,
Peter van Dijk
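
Added example, not part of the original thread and not PowerDNS code: one way to check whether the algorithm number in a DNSKEY record is consistent with the key material that follows it, using the RSA layout from RFC 3110, the 512-4096 bit bound from RFC 5702, and the key tag from RFC 4034 Appendix B. The function names are hypothetical and the 64-byte key is constructed filler, not a real P-256 key.

```python
import base64
import struct

# Subset of the IANA DNSSEC algorithm numbers.
RSA_ALGOS = {8: "RSASHA256", 10: "RSASHA512"}
ECDSA_ALGOS = {13: ("ECDSAP256SHA256", 64), 14: ("ECDSAP384SHA384", 96)}

# Constructed sample: 64 arbitrary bytes standing in for a P-256 public key.
SAMPLE_KEY = bytes(range(1, 65))

def dnskey_line(algo, key=SAMPLE_KEY):
    """Build a constructed DNSKEY line in dig's presentation format."""
    return "example.net. 3600 IN DNSKEY 256 3 %d %s" % (algo, base64.b64encode(key).decode())

def parse_dnskey(line):
    """Split 'owner ttl IN DNSKEY flags protocol algorithm base64...' into fields."""
    fields = line.split()
    i = fields.index("DNSKEY")
    flags, proto, algo = (int(x) for x in fields[i + 1:i + 4])
    return {"flags": flags, "protocol": proto, "algorithm": algo,
            "key": base64.b64decode("".join(fields[i + 4:]))}

def key_tag(rec):
    """Key tag per RFC 4034 Appendix B, computed over the whole RDATA."""
    rdata = struct.pack("!HBB", rec["flags"], rec["protocol"], rec["algorithm"]) + rec["key"]
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def rsa_modulus_bits(key):
    """RFC 3110 layout: exponent length (1 or 3 bytes), exponent, modulus."""
    if len(key) < 3:
        return 0
    if key[0]:
        elen, off = key[0], 1
    else:
        elen, off = struct.unpack("!H", key[1:3])[0], 3
    return int.from_bytes(key[off + elen:], "big").bit_length()

def check(rec):
    """Return mismatches between the algorithm number and the key material."""
    algo, key = rec["algorithm"], rec["key"]
    if algo in ECDSA_ALGOS:
        name, size = ECDSA_ALGOS[algo]
        return [] if len(key) == size else ["%s key must be %d bytes, got %d" % (name, size, len(key))]
    if algo in RSA_ALGOS:
        bits = rsa_modulus_bits(key)
        return [] if 512 <= bits <= 4096 else ["%s modulus is %d bits, outside 512-4096" % (RSA_ALGOS[algo], bits)]
    return ["algorithm %d not covered by this check" % algo]
```

A 64-byte key can never hold a 512-bit RSA modulus, so the same bytes pass under algorithm 13 and fail under algorithm 8; the key tag also changes with the algorithm number because that byte is part of the RDATA being summed.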