
I am trying to configure DNSSec with BIND9 on CentOS 6.4 running DirectAdmin control panel. I am using this tutorial to make it work: https://www.dnssec-tools.org/wiki/index.php/Zonesigner

But I can't get it to work...

When I run this command:

zonesigner --genkeys jordikroon.nl.db jordikroon.nl.db.signed

I get this error:

jordikroon.nl.db:17: ignoring out-of-zone data (jordikroon.nl)
jordikroon.nl.db:18: ignoring out-of-zone data (jordikroon.nl)
jordikroon.nl.db:22: ignoring out-of-zone data (jordikroon.nl)
jordikroon.nl.db:29: ignoring out-of-zone data (jordikroon.nl)
jordikroon.nl.db:33: ignoring out-of-zone data (jordikroon.nl)
zone jordikroon.nl.db/IN: has no NS records
zone jordikroon.nl.db/IN: not loaded due to errors.

I can't find anything on the web about this error.

This is my zone db file:

$TTL 14400
@       IN      SOA     ns1.ghservers.org.      hostmaster.jordikroon.nl. (
                                                2013090703
                                                14400
                                                3600
                                                1209600
                                                86400 )

jordikroon.nl.  14400   IN  NS  ns1.ghservers.org.
jordikroon.nl.  14400   IN  NS  ns2.ghservers.org.

cp  14400   IN  A   85.17.32.228
ftp 14400   IN  A   85.17.32.228
jordikroon.nl.  14400   IN  A   85.17.32.228
localhost   14400   IN  A   127.0.0.1
mail    14400   IN  A   85.17.32.228
pop 14400   IN  A   85.17.32.228
smtp    14400   IN  A   85.17.32.228
www 14400   IN  A   85.17.32.228

jordikroon.nl.  14400   IN  MX  10 mail



jordikroon.nl.  14400   IN  TXT "v=spf1 a mx ip4:85.17.32.228 ~all"

localhost   14400   IN  AAAA    ::1

How do I fix this? All IN keywords are being ignored. Any help is welcome :-)

Jordi Kroon

2 Answers


It is customary to use the abbreviation @ in a BIND zone file instead of the domain name. It seems the zonesigner Perl code expects this convention.

After modifying your zone file to the one below I had no problems generating keys and signing it.

$TTL 14400
@       IN      SOA     ns1.ghservers.org.      hostmaster.jordikroon.nl. (
                                                2013090704
                                                14400
                                                3600
                                                1209600
                                                86400 )

@  14400   IN  NS  ns1.ghservers.org.
@  14400   IN  NS  ns2.ghservers.org.

@  14400   IN  TXT "v=spf1 a mx ip4:85.17.32.228 ~all"
@  14400   IN  MX  10 mail
@  14400   IN  A   85.17.32.228


cp  14400   IN  A   85.17.32.228
ftp 14400   IN  A   85.17.32.228
localhost   14400   IN  A   127.0.0.1
mail    14400   IN  A   85.17.32.228
pop 14400   IN  A   85.17.32.228
smtp    14400   IN  A   85.17.32.228
www 14400   IN  A   85.17.32.228

localhost   14400   IN  AAAA    ::1
HBruijn
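The two loader messages in the question ("ignoring out-of-zone data" and "has no NS records") follow directly from how owner names are resolved against the zone origin, and a small checker makes that visible before a file is handed to a signer. The script below is an added example, not code from the question, the answers or the zonesigner project. It assumes, as the error output's "zone jordikroon.nl.db/IN" suggests, that the signer took the zone name from the file name, and it uses an abridged copy of the question's zone file as constructed input. Names such as check_zone and parse_zone are the example's own.

```python
"""Minimal BIND zone-file checker for out-of-zone owner names.

Added example, not code from the question, the answers or zonesigner: it
rebuilds the "ignoring out-of-zone data" and "has no NS records" checks for
a zone file against a given zone name. Handles $ORIGIN, $TTL, '@', relative
and fully-qualified owners, a blank owner (reuse of the previous owner) and
parenthesised multi-line records. Not a full RFC 1035 parser: no $INCLUDE,
$GENERATE or escaped quotes.
"""

CLASSES = {"IN", "CH", "HS"}

# Constructed input: abridged copy of the zone file from the question,
# with the apex records written out as fully-qualified names.
ORIGINAL = """\
$TTL 14400
@       IN      SOA     ns1.ghservers.org.      hostmaster.jordikroon.nl. (
                                                2013090703 14400 3600
                                                1209600 86400 )
jordikroon.nl.  14400   IN  NS  ns1.ghservers.org.
jordikroon.nl.  14400   IN  NS  ns2.ghservers.org.
www             14400   IN  A   85.17.32.228
jordikroon.nl.  14400   IN  A   85.17.32.228
jordikroon.nl.  14400   IN  MX  10 mail
jordikroon.nl.  14400   IN  TXT "v=spf1 a mx ip4:85.17.32.228 ~all"
"""

# The same records with '@' for the apex, as in the accepted answer
# (the replacement keeps the column layout; the SOA line is untouched).
FIXED = ORIGINAL.replace("jordikroon.nl.  ", "@               ")


def _strip_comment(line):
    """Drop a ';' comment unless it sits inside a quoted string."""
    out, in_quote = [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            break
        out.append(ch)
    return "".join(out)


def _logical_lines(text):
    """Yield (line_number, text) with '(' ... ')' continuations merged."""
    buf, start, depth = [], None, 0
    for num, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw)
        if not line.strip() and not buf:
            continue
        if not buf:
            start = num
        # keep the first line's leading whitespace: it marks a blank owner
        buf.append(line if start == num else line.strip())
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield start, " ".join(buf)
            buf, start, depth = [], None, 0


def _qualify(name, origin):
    """Turn an owner name into a lower-cased FQDN relative to origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, zone_name):
    """Return [(line_number, owner_fqdn, rrtype)]; the initial origin is zone_name."""
    origin = zone_name.rstrip(".").lower() + "."
    owner, records = None, []
    for num, line in _logical_lines(text):
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = _qualify(fields[1], origin)   # relative $ORIGIN is allowed
            continue
        if fields[0].startswith("$"):              # $TTL and friends: no owner
            continue
        if not line[0].isspace():                  # explicit owner on this line
            owner, fields = _qualify(fields[0], origin), fields[1:]
        if owner is None:
            raise ValueError(f"line {num}: record without an owner name")
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                          # skip optional TTL and class
        if not fields:
            raise ValueError(f"line {num}: record without a type")
        records.append((num, owner, fields[0].upper()))
    return records


def check_zone(text, zone_name):
    """Mimic the loader's checks: out-of-zone owners and an NS set at the apex."""
    apex = zone_name.rstrip(".").lower() + "."
    records = parse_zone(text, zone_name)
    out_of_zone = [(n, o) for n, o, _ in records
                   if o != apex and not o.endswith("." + apex)]
    has_apex_ns = any(o == apex and t == "NS" for _, o, t in records)
    return out_of_zone, has_apex_ns


if __name__ == "__main__":
    cases = [("original, zone taken from file name", ORIGINAL, "jordikroon.nl.db"),
             ("original, real zone name", ORIGINAL, "jordikroon.nl"),
             ("'@' version, zone taken from file name", FIXED, "jordikroon.nl.db")]
    for label, text, zone in cases:
        bad, ns = check_zone(text, zone)
        for num, owner in bad:
            print(f"{label}: line {num}: ignoring out-of-zone data ({owner.rstrip('.')})")
        print(f"{label}: apex NS present = {ns}")
```

Run against the question's file with the zone name "jordikroon.nl.db", every record whose owner is written as "jordikroon.nl." is flagged and no NS set is found at the apex, which is the pair of messages in the question; with the zone name "jordikroon.nl" the same file is clean. The "@" form from the accepted answer loads under either zone name because "@" resolves to whatever origin the loader uses, so it hides a wrong zone name rather than correcting it; checking the file against the name the zone will actually be served under (BIND's own named-checkzone takes the zone name as its first argument for exactly this reason) is the check to run before signing and publishing.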

Check your named.conf; I'm pretty sure that you have

zone "jordikroon.nl.db"

in your zone definition instead of

zone "jordikroon.nl"
Mauricio López