DNSSEC and NSEC missing ZSK?
@lbutlr
kremels at kreme.com
Wed Feb 10 01:48:19 UTC 2021
On 09 Feb 2021, at 16:19, Mal via bind-users <bind-users at lists.isc.org> wrote:
> On 09/02/2021 10:47 pm, @ wrote:
>> Well, I have finally ogttenteh test zone to the point where dnssec-verify is happy and everything that I can check also seems happy except dnsviz which is very very VERY angry and basically says the zone is entirely garabge. I am hoping this is a propagation issue, but I kind of doubt it since it should be quarrying the authoritative DNS for the DNSKEY and RRSIG and such, I'd think.
> The easiest way to get help is to post your named.conf and zone file.
Not doing that for domains that are not actually owned by me, which includes the domain I was using to test this setup.
> DNSVIZ displays your current state very well. If its showing you
> errors, then it requires you to act.
Seems not to be the case as after 10 hours or so, dnsviz has stopped complaining.
--
Heisenberg's only uncertainty was what pub to vomit in next and Jung
fancied Freud's mother too. -- Jared Earle
More information about the bind-users
mailing list