From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010808

Description of problem:
The dnssec-keygen program does not allow to generate DSA or
RSA key's for DNSSEC. DSA gives a segmentation fault; RSA says
that it does not find openssl.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
On a redhat system (roswell): bind version delivered is:
9.1.3-3


1. dnssec-keygen -a DSA -b 1024 -n ZONE myc4a.net

results in a segmentation violation

2. dnssec-keygen -a RSA -b 1024 -n ZONE myc4a.net

gives this error message:dnssec-keygen: failed to generate key
myc4a.net/RSAMD5: openssl failure

openssl version installed by roswell:
openssl-0.9.6b-4

3.dnssec-keygen -a HMAC-MD5 -b 512 -n ZONE mc1.myc4a.net

works; but is not good to sign zone's

	

Actual Results:  see above

Expected Results:  the .key and .private file should have been generated
like in step
3

Additional info:

How to solve this problem:

0. you should have openssl installed (of course)

1. uninstall the bind rpm:
rpm -e --nodeps bind

2. download the bind source package (any.tar.gz) file from
the bind site: http://www.isc.org/products/BIND/

3. compile and install the package and presto; it will now work!


You can find a description of this solution on-line:

http://marc.theaimsgroup.com/?l=bind9-users&m=100316313915759&w=2

greetings,

Bart De Gruyter