Bugzilla will be upgraded to version 5.0 on December 2, 2018. The outage period for the upgrade will start at 0:00 UTC and have a duration of 12 hours
Bug 54661 - bind: dnssec-keygen: DSA & RSA don't work
bind: dnssec-keygen: DSA & RSA don't work
Product: Red Hat Public Beta
Classification: Retired
Component: bind (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-10-15 13:26 EDT by Bart De Gruyter
Modified: 2007-04-18 12:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-10-15 13:26:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bart De Gruyter 2001-10-15 13:26:02 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010808

Description of problem:
The dnssec-keygen program does not allow to generate DSA or
RSA key's for DNSSEC. DSA gives a segmentation fault; RSA says
that it does not find openssl.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
On a redhat system (roswell): bind version delivered is:

1. dnssec-keygen -a DSA -b 1024 -n ZONE myc4a.net

results in a segmentation violation

2. dnssec-keygen -a RSA -b 1024 -n ZONE myc4a.net

gives this error message:dnssec-keygen: failed to generate key
myc4a.net/RSAMD5: openssl failure

openssl version installed by roswell:

3.dnssec-keygen -a HMAC-MD5 -b 512 -n ZONE mc1.myc4a.net

works; but is not good to sign zone's


Actual Results:  see above

Expected Results:  the .key and .private file should have been generated
like in step

Additional info:

How to solve this problem:

0. you should have openssl installed (of course)

1. uninstall the bind rpm:
rpm -e --nodeps bind

2. download the bind source package (any.tar.gz) file from
the bind site: http://www.isc.org/products/BIND/

3. compile and install the package and presto; it will now work!

You can find a description of this solution on-line:



Bart De Gruyter
Comment 1 Bernhard Rosenkraenzer 2001-10-24 09:49:27 EDT
Thanks, fixed in 9.2.0-*

Note You need to log in before you can comment on or make changes to this bug.