Hi and thanks Jim for your response.

> My guess is the key you've used isn't known to the server.


I think so too. This is the only reason why the server cannot
validate the signature... but I use the private key of the server for
signing the request and the server knows its own key.

Also, I've added a trusted-keys tag in the file /etc/named.conf where I
specify the public key of the server to do the validation.

Thanks a lot!!

------
Manuel Gil Pérez
http://www.dnssec.seinit.org


>>>>>> "Manuel" == Manuel Gil Perez writes:

>
> Manuel> Hi everyone, I would like to use SIG(0) as a mechanism to
> Manuel> publish certificates into my DNS server in a secure way
> Manuel> using DNS dynamic update (note: I'm using the latest version
> Manuel> of BIND, 9.3.0).
>
> Manuel> The request is generated and sent successfully but I
> Manuel> obtain a SERVFAIL from the server:
>
> Manuel> Reviewing the log files the server returns the following
> Manuel> error: <
> Manuel> (NOERROR)>>.
>
> Manuel> Is BIND qualified to verify SIG(0) signatures??
>
> Of course. If it didn't, what would be the point of supporting SIG(0)?
>
> Turn up the name server's DNSSEC debugging if you want to know why the
> verification failed. My guess is the key you've used isn't known to
> the server. If you post the actual files -- don't edit anything! --
> someone might be able to debug them.