DNSSEC and NSEC missing ZSK?

@lbutlr kremels at kreme.com
Wed Feb 10 01:48:19 UTC 2021


On 09 Feb 2021, at 16:19, Mal via bind-users <bind-users at lists.isc.org> wrote:
> On 09/02/2021 10:47 pm, @ wrote:
>> Well, I have finally ogttenteh test zone to the point where dnssec-verify is happy and everything that I can check also seems happy except dnsviz which is very very VERY angry and basically says the zone is entirely garabge. I am hoping this is a propagation issue, but I kind of doubt it since it should be quarrying the authoritative DNS for the DNSKEY and RRSIG and such, I'd think.

> The easiest way to get help is to post your named.conf and zone file. 

Not doing that for domains that are not actually owned by me, which includes the domain I was using to test this setup.

> DNSVIZ displays your current state very well.  If its showing you
> errors, then it requires you to act.

Seems not to be the case as after 10 hours or so, dnsviz has stopped complaining.

-- 
Heisenberg's only uncertainty was what pub to vomit in next and Jung
	fancied Freud's mother too. -- Jared Earle



More information about the bind-users mailing list