[Having just noticed the anon login details to the wiki, Im moving this here from the dev list]
:; pdnssec add-zone-key example.net zsk ecdsa256
:; pdnssec show-zone example.net
Zone has hashed NSEC3 semantics, configuration: 1 1 1 ab
Zone is not presigned
... [ previous keys elided ] ...
ID = 888 (ZSK), tag = 8888, algo = 8, bits = 256 Active: 0
:; dig @localhost example.net. dnskey +tcp
... [ other data elided ] ...
example.net. 3600 IN DNSKEY 256 3 8 AAA=
(I've confirmed that the dig results I elided match the previous ksk
and zsk keys I also elided. Those previous keys are algo=8 and are
reported correcly as such.)
(The ID, tag and name were changed to protect the innocent. :)
I also tried using gost, but that errored out as unrecognized.
I'm currently running the version in debian sid:
As replied on-list:
I've tried to reproduce your issue using the current SVN version of PowerDNS, and while I've run into a few minor glitches, I see nothing that looks like your problem. The weirdest thing about your report is the 'algo=8' (which is also the '8' in the DNSKEY response) - algorithm 8 is RSA/SHA256; ecdsa256 is algorithm 13. Are you sure you're looking at this right?
Your reply, copied from on-list:
Yes, that is exactly the bug. Even though it shows as 13 in psql, it is
output as 8 from the pdnssec cli and from actual lookups.
To clarify, I cannot reproduce with current SVN.