Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 577
    • Issues 577
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 116
    • Merge requests 116
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • BINDBIND
  • Issues
  • #783
Closed
Open
Issue created Dec 14, 2018 by Matthijs Mekking@matthijs🏡Owner

Allow unsupported algorithms in zone when not used for signing

Summary

If you have a DNSKEY with an unsupported algorithm in your zone, dnssec-signzone refuses to sign the zone.

BIND version used

9.13.5

Steps to reproduce

Have a DSA public key stored in a file dsa.key. Have an unsigned zone file for example root.db. Then create a key for signing and sign the zone with it.

dnssec-keygen -a rsasha256 -qfk .
dnssec-keygen -a rsasha256 -q .
cat dsa.key >> root.db
dnssec-signzone -S -o . root.db K.+008+57997 K.+008+46623

This will output:

dnssec-signzone: fatal: failed to load the zone keys: algorithm is unsupported

What is the current bug behavior?

dnssec-signzone encounters a fatal error and refuses to sign the zone.

What is the expected correct behavior?

dnssec-signzone should sign the zone regardless of the algorithms used in the DNSKEY RRset.

Relevant configuration files

N/A

Relevant logs and/or screenshots

N/A

Assignee
Assign to
Time tracking