Bug 54661

Summary: bind: dnssec-keygen: DSA & RSA don't work
Product: [Retired] Red Hat Public Beta Reporter: Bart De Gruyter <bdg>
Component: bindAssignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: roswellKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
URL: http://marc.theaimsgroup.com/?l=bind9-users&m=100315839926621&w=2
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-10-15 17:26:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bart De Gruyter 2001-10-15 17:26:02 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010808

Description of problem:
The dnssec-keygen program does not allow to generate DSA or
RSA key's for DNSSEC. DSA gives a segmentation fault; RSA says
that it does not find openssl.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
On a redhat system (roswell): bind version delivered is:
9.1.3-3


1. dnssec-keygen -a DSA -b 1024 -n ZONE myc4a.net

results in a segmentation violation

2. dnssec-keygen -a RSA -b 1024 -n ZONE myc4a.net

gives this error message:dnssec-keygen: failed to generate key
myc4a.net/RSAMD5: openssl failure

openssl version installed by roswell:
openssl-0.9.6b-4

3.dnssec-keygen -a HMAC-MD5 -b 512 -n ZONE mc1.myc4a.net

works; but is not good to sign zone's

	

Actual Results:  see above

Expected Results:  the .key and .private file should have been generated
like in step
3

Additional info:

How to solve this problem:

0. you should have openssl installed (of course)

1. uninstall the bind rpm:
rpm -e --nodeps bind

2. download the bind source package (any.tar.gz) file from
the bind site: http://www.isc.org/products/BIND/

3. compile and install the package and presto; it will now work!


You can find a description of this solution on-line:

http://marc.theaimsgroup.com/?l=bind9-users&m=100316313915759&w=2

greetings,

Bart De Gruyter
Comment 1 Bernhard Rosenkraenzer 2001-10-24 13:49:27 UTC 
Thanks, fixed in 9.2.0-*