problem validate key of isc dlv

Torinthiel torinthiel at data.pl
Sun Mar 20 21:47:45 UTC 2011


On 03/20/11 22:33, fakessh @ wrote:
> and what do I do. 

You have to add your key to ISC's DLV registry. Go to dlv.isc.org,
create an account, log in, add a zone, add keys for it and publish a record
in your zone validating that you're the owner of the zone. You will be
told what to do after you create the zone.

> and what is this other publication of another DS

I have no idea what you mean by this sentence.
Torinthiel

> 
> 
> On Monday 21 March 2011 at 08:25 +1100, Mark Andrews wrote:
>> In message <1300650238.6651.15.camel at localhost.localdomain>, "fakessh @" writes:
>>> hello bind network and duru. 
>>>
>>> I can not validate the key dlv via the website of the isc. 
>>> I do not understand why the warning is the isc 
>>> you have an explanation
>>> SUCCESS 94.23.59.30 answered DNSKEY query with rcode NOERROR
>>> 4.502:SUCCESS 87.98.164.164 answered DNSKEY query with rcode NOERROR
>>> 4.502:SUCCESS 87.98.186.232 answered DNSKEY query with rcode NOERROR
>>> 4.502:INFO Total answers: 3
>>> 4.503:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.164.164
>>> 4.504:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.186.232
>>> 4.504:SUCCESS All DNSKEY responses are identical.
>>> 4.515:DEBUG VERIFY-DNSKEY: Checking tag=10231 flags=257 alg=RSASHA1
>>> AwEAAbwO...8fkjXphfS8=
>>> 4.515:DEBUG VERIFY-DNSKEY: Ignoring key.
>>> 4.515:DEBUG VERIFY-DNSKEY: Checking tag=30111 flags=256 alg=RSASHA1
>>> AwEAAb1q...jG+UQeAtYE=
>>> 4.515:DEBUG VERIFY-DNSKEY: Ignoring key.
>>> 4.515:INFO VERIFY-DNSKEY: 2 DNSKEYs found.
>>> 4.515:INFO VERIFY-DNSKEY: 0 keys found after filtering.
>>> 4.515:DEBUG VERIFY-DNSKEY: Using keys:
>>> 4.516:DEBUG VERIFY-DNSKEY: To verify rrset type DNSKEY
>>> 4.516:FAILURE VERIFY-DNSKEY: No keys found after filtering.
>>> 4.516:FAILURE DNSKEY signature did not validate.
>>> 4.516:FINAL_FAILURE FAILURE
>>
>> Based on the key tags and the truncated keys I think these keys are
>> for fakessh.eu and if so there isn't a DLV record or a DS published
>> for fakessh.eu.  The only other thing the validator can check against
>> is any installed trust-anchor.
>>
>> Mark
>>
>> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu.dlv.isc.org dlv
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48161
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu ds
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63623
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>
>>
>>> -- 
>>> gpg --keyserver pgp.mit.edu --recv-key 092164A7
>>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7


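The diagnosis in this thread, combining the checker log with the two dig answers, as an added Python example that is not part of the original messages. The function names and verdict wording are this example's own, and it assumes, following Mark's reply, that the checker ignores keys for which no DLV or DS record is published.

```python
import re
# Lines copied from the checker log and dig output quoted in this thread.
CHECKER_LOG = """\
4.515:DEBUG VERIFY-DNSKEY: Checking tag=10231 flags=257 alg=RSASHA1
4.515:DEBUG VERIFY-DNSKEY: Ignoring key.
4.515:DEBUG VERIFY-DNSKEY: Checking tag=30111 flags=256 alg=RSASHA1
4.515:DEBUG VERIFY-DNSKEY: Ignoring key.
4.515:INFO VERIFY-DNSKEY: 0 keys found after filtering.
"""
DIG_DLV = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48161
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
"""
DIG_DS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63623
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
"""

def parse_keys(log):
    """Return (tag, flags, alg, ignored) for each DNSKEY the checker examined."""
    keys = []
    for line in log.splitlines():
        m = re.search(r"Checking tag=(\d+) flags=(\d+) alg=(\S+)", line)
        if m:
            keys.append([int(m[1]), int(m[2]), m[3], False])
        elif "Ignoring key" in line and keys:
            keys[-1][3] = True  # applies to the key checked just before
    return [tuple(k) for k in keys]

def rrset_published(dig_text):
    """True only for NOERROR with at least one record in the answer section."""
    status = re.search(r"status: (\w+)", dig_text)
    answers = re.search(r"ANSWER: (\d+)", dig_text)
    return bool(status and answers and status[1] == "NOERROR" and int(answers[1]) > 0)

def diagnose(log, dig_dlv, dig_ds):
    """Combine the log and both dig answers (verdict wording is this example's)."""
    keys = parse_keys(log)
    usable = [k for k in keys if not k[3]]
    anchors = {"DLV": rrset_published(dig_dlv), "DS": rrset_published(dig_ds)}
    ksk_tags = [tag for tag, flags, _, _ in keys if flags & 1]  # SEP bit set: 257
    if not usable and not any(anchors.values()):
        verdict = "no DLV or DS record published for these keys"
    else:
        verdict = "a DLV/DS record or an accepted key exists; look elsewhere"
    return {"keys": len(keys), "usable": len(usable), "ksk_tags": ksk_tags,
            "anchors": anchors, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(CHECKER_LOG, DIG_DLV, DIG_DS))
```

Note that the DS query returns NOERROR with an empty answer section, so the status code alone does not show whether a record is published; the answer count has to be checked as well.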