inconsistency dnssec debuguers response and writing conseil for new areas zone
Eivind Olsen
eivind at aminor.no
Mon Feb 28 17:42:12 UTC 2011
Den 28. feb. 2011 kl. 17.46 skrev fakessh @:
> for example the test shows me some time
> http://dnssec-debugger.verisignlabs.com/nicolaspichot.fr the results are
> not consistent with my expectations
Well, I see a few different errors for that domain:
I don't see any DS records for your domain when I query the fr. nameservers. I don't know how it's handled in that TLD but I guess you somehow need to tell your registrar about your KSK, so they can put in the correct DS record.
The delegation of your domain looks a bit odd, the fr. nameservers claims you have:
- ns0.xname.org
- ns1.xname.org
- ns1.novacrea.fr
- r13151.ovh.net
...but if I query any of these, I'm told there's also ns2.xname.org
At the moment, ns1.xname.org gives an older version of the zone, with a serial number "2011021401"
Check the list of errors on http://dnsviz.net/d/nicolaspichot.fr/dnssec/ especially about missing key 12961.
--
Regards
Eivind Olsen
eivind at aminor.no
More information about the bind-users
mailing list