DNSSEC and NSEC missing ZSK?
kremels at kreme.com
Wed Feb 10 01:48:19 UTC 2021
On 09 Feb 2021, at 16:19, Mal via bind-users <bind-users at lists.isc.org> wrote:
> On 09/02/2021 10:47 pm, @ wrote:
>> Well, I have finally ogttenteh test zone to the point where dnssec-verify is happy and everything that I can check also seems happy except dnsviz which is very very VERY angry and basically says the zone is entirely garabge. I am hoping this is a propagation issue, but I kind of doubt it since it should be quarrying the authoritative DNS for the DNSKEY and RRSIG and such, I'd think.
> The easiest way to get help is to post your named.conf and zone file.
Not doing that for domains that are not actually owned by me, which includes the domain I was using to test this setup.
> DNSVIZ displays your current state very well. If its showing you
> errors, then it requires you to act.
Seems not to be the case as after 10 hours or so, dnsviz has stopped complaining.
Heisenberg's only uncertainty was what pub to vomit in next and Jung
fancied Freud's mother too. -- Jared Earle
More information about the bind-users