How to validate DNSSEC signed record with dig?

William Thierry SAMEN thierry.samen at gmail.com
Tue Feb 7 16:40:59 UTC 2012


Hi everybody,
Sorry for my post; I'm not ready to bring light to the first problem, but to
find help.

I'm trying to sign a zone on Bind 9.8-P1 but I have this message:

*dnssec-signzone: fatal: key myKSK.key not at origin*

I just want help. If someone has been confronted with this kind of message,
I'll be so happy to have a few ideas to debug my problem.

Thx.


2012/2/6 Tony Finch <dot at dotat.at>

> Spain, Dr. Jeffry A. <spainj at countryday.net> wrote:
> >
> > Checking your two name servers, 8.8.8.8 (google-public-dns-a.google.com)
> > doesn't appear to offer DNSSEC validation, and 78.46.213.227
> > (rms.coozila.com) doesn't respond to my query at all.
>
> It's worse than that. Google Public DNS doesn't support DNSSEC at all, so
> you cannot use it to query DNSSEC records. DNSSEC requires resolvers to
> handle RRSIG and DS records in special ways even if they are not
> validating the signatures.
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> North Utsire, South Utsire: Cyclonic mainly southerly or southeasterly, 5 to
> 7, occasionally gale 8 in east at first. Rough. Rain or snow. Moderate or
> poor.



-- 
Cordialement.
Thierry *SAMEN.*