Testing KASP, CDS, and .ch

Hugo Salgado hsalgado at nic.cl
Fri Apr 9 20:23:48 UTC 2021


Switch has a website to test the CDS processing for .ch:
  https://www.nic.ch/security/cds/

For domainmail.ch it says "The CDS configuration of the domain name
domainmail.ch will not be processed.
[ ... ]
The DNS query returned: "Server failed to complete the DNS request".
"

You should check the requirements. You'd need to answer for three
consecutive days, be consistent in all NS IP addresses, etc.

Hugo

On 15:11 09/04, Jim Popovitch via bind-users wrote:
> On Fri, 2021-04-09 at 19:05 +0000, John W. Blue via bind-users wrote:
> > So the issue here is that the DS record that sits in .ch has an ID of 22048 but the domainmail.ch servers are telling the world that the correct ID is 17870.
> > 
> > Thus the DNSSEC breakage.
> 
> Of course, however there is no 22048 id in Gandi (the Registrar), yet it
> appears in .ch, and 17870 is still Active (as of this moment in time).  
> 
> What I can't figure out is how/when does .ch query the CDS/CDNSKEY data.
> 
> I know that I can make the domain validate by manually putting a
> keyid+data in Gandi, but the whole purpose of CDS/CDNSKEY is to not have
> to do that, no?
> 
> -Jim P.
> 
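
The mismatch described in the quoted text (a DS at the parent whose ID matches no DNSKEY served by the zone) can be checked offline by recomputing the key tag and DS digest per RFC 4034. This is an added example, not part of the thread; the zone name and key bytes are constructed, and the function names are hypothetical.

```python
import hashlib
import struct

def key_tag(rdata: bytes) -> int:
    """Key tag (the "ID" shown for DS/DNSKEY), RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name: str) -> bytes:
    """Canonical (lowercased) wire form of the owner name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, alg: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, alg) + pubkey

def make_ds(name: str, rdata: bytes) -> tuple:
    """DS fields (key tag, algorithm, digest type 2, SHA-256 digest)."""
    digest = hashlib.sha256(owner_wire(name) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def orphan_ds_tags(name, parent_ds, child_dnskeys):
    """Key tags of parent DS records that match no DNSKEY the child serves."""
    served = {make_ds(name, k) for k in child_dnskeys}
    return sorted(ds[0] for ds in parent_ds if ds not in served)

def chain_ok(name, parent_ds, child_dnskeys):
    """For a signed delegation, at least one DS must match a served DNSKEY.
    (Signature checks on the DNSKEY RRset are out of scope here.)"""
    return len(orphan_ds_tags(name, parent_ds, child_dnskeys)) < len(parent_ds)

# Constructed sample data: not real keys, not the zone from the thread.
ZONE = "example.ch"
OLD_KSK = dnskey_rdata(257, 13, bytes(range(64)))
NEW_KSK = dnskey_rdata(257, 13, bytes(range(64, 128)))
PARENT_DS = [make_ds(ZONE, OLD_KSK)]   # what the registry still publishes
CHILD_KEYS = [NEW_KSK]                 # what the zone's servers answer with

if __name__ == "__main__":
    print("parent DS tags:", [ds[0] for ds in PARENT_DS])
    print("child DNSKEY tags:", [key_tag(k) for k in CHILD_KEYS])
    print("orphan DS tags:", orphan_ds_tags(ZONE, PARENT_DS, CHILD_KEYS))
    print("chain ok:", chain_ok(ZONE, PARENT_DS, CHILD_KEYS))
```
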