服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 没有findRRSIG
Intereting Posts
在KVM下Hylafax + Ubuntu不可靠 SSH密钥validation不起作用 dsadd给出“提供的名称不是一个正确的帐户名称”。 IIS 7redirect到SSL 无法连接到'localhost'上的MySQL服务器(10048) 在数据中心寻找关键的东西 EMC PowerPath或MultiPath? 如何删除Windows Server 2008上的Windows Update卸载文件? 在非pipe理员login时运行MSIEXEC 在同一台机器上运行ASP.NET网站和Exchange Server? 使用EC2上的Unbuntu 11.10禁用“共享terminal”行为? 无法打开TUN / TAP dev / dev / as0t0:没有这样的文件或目录(errno = 2) BAT / CMD可以使用不同的参数多次启动一个exe文件,而无需额外的bat文件 使HS22刀片更快启动 是否有一个Windows CMD等价于Unix shell的exec?

没有findRRSIG

我有一个dnssec到期,并重做一切,我得到以下错误没有从verisigndebugging发现RRSIGs

这些是我用来生成密钥和签名的确切步骤。 我错过了什么步骤?

脚步: 

emailer1 opendkim # dnssec-keygen -f KSK -r /dev/urandom -a RSASHA256 -b 2048 -n ZONE nyctelecomm.com Generating key pair...............+++ ...................+++ Knyctelecomm.com.+008+63409 emailer1 opendkim # dnssec-keygen -r /dev/urandom -a RSASHA256 -b 2048 -n ZONE nyctelecomm.com Generating key pair............+++ ...............+++ Knyctelecomm.com.+008+30369 emailer1 opendkim # ls keys nyctelecomm.com.external KeyTable old Knyctelecomm.com.+008+30369.key opendkim.conf Knyctelecomm.com.+008+30369.private SigningTable Knyctelecomm.com.+008+63409.key TrustedHosts Knyctelecomm.com.+008+63409.private emailer1 opendkim # mv Knyctelecomm.com.+008+63409.key Knyctelecomm.com.ksk.key emailer1 opendkim # mv Knyctelecomm.com.+008+63409.private Knyctelecomm.com.ksk.private emailer1 opendkim # mv Knyctelecomm.com.+008+30369.key Knyctelecomm.com.zsk.key emailer1 opendkim # mv Knyctelecomm.com.+008+30369.private Knyctelecomm.com.zsk.private emailer1 opendkim # ls keys Knyctelecomm.com.zsk.key opendkim.conf KeyTable Knyctelecomm.com.zsk.private SigningTable Knyctelecomm.com.ksk.key nyctelecomm.com.external TrustedHosts Knyctelecomm.com.ksk.private old emailer1 opendkim # nano nyctelecomm.com.external emailer1 opendkim # pwd /etc/opendkim emailer1 opendkim # nano nyctelecomm.com.external emailer1 opendkim # dnssec-signzone -e20150330000000 -p -t -g -k Knyctelecomm.com.ksk.key -o nyctelecomm.com nyctelecomm.com.external Knyctelecomm.com.zsk.key Verifying the zone using the following algorithms: RSASHA256. Zone fully signed: Algorithm: RSASHA1: KSKs: 0 active, 0 stand-by, 0 revoked ZSKs: 0 active, 1 stand-by, 0 revoked Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked ZSKs: 1 active, 0 stand-by, 0 revoked nyctelecomm.com.external.signed Signatures generated: 35 Signatures retained: 0 Signatures dropped: 0 Signatures successfully verified: 0 Signatures unsuccessfully verified: 0 Signing time in seconds: 0.052 Signatures per second: 662.790 Runtime in seconds: 0.058 emailer1 opendkim # ls dnssec-technotes.txt Knyctelecomm.com.ksk.private old dsset-nyctelecomm.com. Knyctelecomm.com.zsk.key opendkim.conf keys Knyctelecomm.com.zsk.private SigningTable KeyTable nyctelecomm.com.external TrustedHosts Knyctelecomm.com.ksk.key nyctelecomm.com.external.signed emailer1 pri # dnssec-dsfromkey -1 -f nyctelecomm.com.external.signed nyctelecomm.com nyctelecomm.com. IN DS 57076 8 1 E597070570CCDAF5407B6E688D2B55A708D7BE43

然后我更新godaddy来反驳新的DS