inconsistency dnssec debuguers response and writing conseil for new areas zone
Laurent Bauer
l.bauer at mailclub.fr
Mon Feb 28 19:14:24 UTC 2011
Eivind Olsen wrote:
>
> Well, I see a few different errors for that domain:
>
> I don't see any DS records for your domain when I query the fr.
> nameservers. I don't know how it's handled in that TLD but I guess
> you somehow need to tell your registrar about your KSK, so they
> can put in the correct DS record.
This is not handled yet. The .FR zone has been signed since september
2010, but submitting DS for child zones will be supported later this year.
See http://operations.afnic.fr for more information.
> The delegation of your domain looks a bit odd, the fr. nameservers claims you have:
> - ns0.xname.org
> - ns1.xname.org
> - ns1.novacrea.fr
> - r13151.ovh.net
> ...but if I query any of these, I'm told there's also ns2.xname.org
This NS record was most certainly added in the child zone after the
domain registration, as the registry performs a zonecheck before adding
/ updating nameservers. Among other things, the nameserver list in each
zone must match the one you want to use at the registry level, or else
the NS update is not processed.
> At the moment, ns1.xname.org gives an older version of the zone, with a serial number "2011021401"
That is another requirement for the zonecheck, the serial number must
match in all zones.
Laurent
More information about the bind-users
mailing list