[Pdns-users] Different RRSIG's on master and slaves

mvdgeijn marc at bhosted.nl
Wed Sep 25 07:41:40 UTC 2013 

I've compared the master and first slave DNS server, and I noticed a few
differences. The first difference is the configuration on line 2. The
master: 1 0 1 ab and the slave: 1 1 1 ab. What does the second number stand
for? I can't find it in the documentation. Is this causing the difference
between the master and slave dns servers?

Also all key id's are different.

What I've done now is remove all database records related to the domain from
the records, domainmetadata and cryptokeys tables. After that I updated the
serial, and now the information on the slave is identical to the information
on the master. The other slave (on which I did not remove any records) is
still different.

Regards,
Marc

MASTER:
# pdnssec show-zone concepthouse.nl
Zone is not presigned
Zone has hashed NSEC3 semantics, configuration: 1 0 1 ab
keys:
ID = 52088 (KSK), tag = 18209, algo = 8, bits = 2048    Active: 1 (
RSASHA256 )
KSK DNSKEY = concepthouse.nl IN DNSKEY 257 3 8
AwEAAaXVoNLlXDXPJC8Hs1+IQmhcaZ+66Ktqrm3lRROCG4EQUjfqAKIY7h60mEdFRt30NGYNEEvm4ozA4l72zMWAfkV+3JB9sRsstzsamg/4KTIIsHxldF4NlAPekAYZFy2yHzauEpFDMg3cMxw4LELmw8Tr+imW4dXReBRCaW+8KeW31PIlgu5gWhZp8CuSCRtcRs1h59T5PvKbeMX6X1k061vXFgbn1fHTcVnAsKXfrKKBw3cyFPTd4RJbfPdxgfqAlautYG3lI5ud4dajSxWQcJn8ews48Yd/pMI3Ha9hZbSL82WnWlWmhxmbKl9PpcIcgXm3sso1DPy+5NmFI0mCUNM=
; ( RSASHA256 )
DS = concepthouse.nl IN DS 18209 8 1
249d09d91fa7c0202112c59e63b35b2003226a4e ; ( SHA1 digest )
DS = concepthouse.nl IN DS 18209 8 2
665f864ef2884edb055d611d6f3ff4ac50505fec553d1dfed12c105219facfde ; ( SHA256
digest )

ID = 52089 (ZSK), tag = 37080, algo = 8, bits = 1024    Active: 1 (
RSASHA256 )

SLAVE:
# pdnssec show-zone concepthouse.nl
Zone is not presigned
Zone has hashed NSEC3 semantics, configuration: 1 1 1 ab
keys:
ID = 859 (KSK), tag = 10691, algo = 8, bits = 2048      Active: 1 (
RSASHA256 )
KSK DNSKEY = concepthouse.nl IN DNSKEY 257 3 8
AwEAAeU6V/bRYKX6uDV/w/uVOH6DRIhnq+SN/tOtBkEJgTAK3h7PJHJm1/vBfsZ44lFm3S4OOVy9WoKrly/HtYhNOCVa3wTInyU2Ix1ITxq7cK3Ybsx8X/kyCaQknqZ0D/iHFWpxPQzQbxZm+5IHNxeC5ljeM7TTbmsrRkVmRQCxVgniskmSc1MpnymDOG12zO4wg/Ju+nrMiMMCwQ83ccHWAlZEq9Fo3zP7Q2FRnC+L6a89tLuX6BZ4eIMLl3epdI7Eq/NcCZAb1EqZd/hfZCEbeU7YDmjV55il7ePGgXqvRoPOQfbGIHF34vxWzNFk7MPu6IxUqLrdBbOXp57mQ3CjPU0=
; ( RSASHA256 )
DS = concepthouse.nl IN DS 10691 8 1
f8b1f8410f758b1f99fdd2eb00384ef95a8edb74 ; ( SHA1 digest )
DS = concepthouse.nl IN DS 10691 8 2
0964ffe5fce2542904f682c65d9971c360f562054d18b0776155bb6b0bd268b7 ; ( SHA256
digest )

ID = 860 (ZSK), tag = 14754, algo = 8, bits = 1024      Active: 1 (
RSASHA256 )
ID = 861 (ZSK), tag = 58798, algo = 8, bits = 1024      Active: 0 (
RSASHA256 )




--
View this message in context: http://powerdns.13854.n7.nabble.com/Different-RRSIG-s-on-master-and-slaves-tp10349p10356.html
Sent from the PowerDNS mailing list archive at Nabble.com.

More information about the Pdns-users mailing list