<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<div class="moz-cite-prefix">On 28-Dec-22 19:40, Eric Germann wrote:<br>
</div>
<blockquote type="cite"
cite="mid:sig.03621a870f.3B5CB206-93EB-43AC-8AF8-35AFDEE710E1@semperen.com">
<div>My question is</div>
<div><br>
</div>
<div>Is there any way to decode the DS record and see what key tag
is actually encoded in it? If it’s 32686 it’s an issue with
Route53. If it’s 22755 it’s an issue with dnssec-dsfromkey.</div>
<div><br>
</div>
<div>If anyone wants the DNSKEY for algorithm 8, ping me off list
and I will share it with you in a private email.</div>
<div><br>
</div>
<div>Thoughts?</div>
<div><br>
</div>
<div>
<div>
<div dir="auto" style="caret-color: rgb(0, 0, 0); color:
rgb(0, 0, 0); letter-spacing: normal; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break: after-white-space;">
<div dir="auto" style="caret-color: rgb(0, 0, 0); color:
rgb(0, 0, 0); letter-spacing: normal; text-align: start;
text-indent: 0px; text-transform: none; white-space:
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break: after-white-space;">
<div dir="auto" style="caret-color: rgb(0, 0, 0); color:
rgb(0, 0, 0); letter-spacing: normal; text-align: start;
text-indent: 0px; text-transform: none; white-space:
normal; word-spacing: 0px; -webkit-text-stroke-width:
0px; text-decoration: none; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;">
<div dir="auto" style="text-align: start; text-indent:
0px; word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;">
<div dir="auto" style="text-align: start; text-indent:
0px; word-wrap: break-word; -webkit-nbsp-mode:
space; line-break: after-white-space;">
<div dir="auto" style="text-align: start;
text-indent: 0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;">
<div dir="auto" style="text-align: start;
text-indent: 0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;">
<div dir="auto" style="text-align: start;
text-indent: 0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;">
<div dir="auto" style="text-align: start;
text-indent: 0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;">
<div dir="auto" style="text-align: start;
text-indent: 0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;">
<div dir="auto" style="text-align: start;
text-indent: 0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;">
<div dir="auto" style="text-align:
start; text-indent: 0px; word-wrap:
break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;">
<div dir="auto" style="text-align:
start; text-indent: 0px; word-wrap:
break-word; -webkit-nbsp-mode:
space; line-break:
after-white-space;">
<div dir="auto" style="text-align:
start; text-indent: 0px;
word-wrap: break-word;
-webkit-nbsp-mode: space;
line-break: after-white-space;">
<div dir="auto" style="text-align:
start; text-indent: 0px;
word-wrap: break-word;
-webkit-nbsp-mode: space;
line-break: after-white-space;">
<div dir="auto"
style="text-align: start;
text-indent: 0px; word-wrap:
break-word; -webkit-nbsp-mode:
space; line-break:
after-white-space;">
<div dir="auto"
style="text-align: start;
text-indent: 0px; word-wrap:
break-word;
-webkit-nbsp-mode: space;
line-break:
after-white-space;">
<div dir="auto"
style="text-align: start;
text-indent: 0px;
word-wrap: break-word;
-webkit-nbsp-mode: space;
line-break:
after-white-space;">
<div dir="auto"
style="text-align:
start; text-indent: 0px;
word-wrap: break-word;
-webkit-nbsp-mode:
space; line-break:
after-white-space;">
<div dir="auto"
style="text-align:
start; text-indent:
0px; word-wrap:
break-word;
-webkit-nbsp-mode:
space; line-break:
after-white-space;">
<div dir="auto"
style="text-align:
start; text-indent:
0px; word-wrap:
break-word;
-webkit-nbsp-mode:
space; line-break:
after-white-space;">
<div dir="auto"
style="text-align:
start;
text-indent: 0px;
word-wrap:
break-word;
-webkit-nbsp-mode:
space; line-break:
after-white-space;">
<div dir="auto"
style="text-align:
start;
text-indent:
0px; word-wrap:
break-word;
-webkit-nbsp-mode:
space;
line-break:
after-white-space;">
<div dir="auto"
style="text-align: start; text-indent: 0px; word-wrap: break-word;
-webkit-nbsp-mode:
space;
line-break:
after-white-space;">
<div
dir="auto"
style="text-align:
start;
text-indent:
0px;
word-wrap:
break-word;
-webkit-nbsp-mode:
space;
line-break:
after-white-space;">
<div
dir="auto"
style="text-align:
start;
text-indent:
0px;
word-wrap:
break-word;
-webkit-nbsp-mode:
space;
line-break:
after-white-space;">
<div
style="caret-color:
rgb(0, 0, 0);
color: rgb(0,
0, 0);
font-variant-caps:
normal;
letter-spacing:
normal;
text-transform:
none;
white-space:
normal;
word-spacing:
0px;
text-decoration:
none;
-webkit-text-stroke-width:
0px;
font-family:
Helvetica;
font-style:
normal;
font-weight:
normal;
font-size:
15px;
text-align:
start;
text-indent:
0px;"><span
style="font-family:
InputMono-Regular;"><br class="Apple-interchange-newline">
</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
Perhaps you have TTL issues.<br>
<p>dnssec-dsfromkey and dnsviz are both accurate.</p>
<p>The keytag is visible in the DS record. No decoding needed
First field after "DS"<code><br>
</code></p>
<p><code>ericgermann.photography. 3600 IN DS <font
color="#ff0000"> <u>22755</u></font><u> </u>8 2
2E81A125523957ED2C3076B4E58BE159027F659D74E184E2F0B81D92
2D1E7FA9</code><code><br>
</code></p>
<p>See also Perl Net::DNS::SEC. Here are some one-liners from your
domain that print the keytag from DS and DNSKEY records.<br>
</p>
<p><code> perl -MNet::DNS -MNet::DNS::SEC -e' print
Net::DNS::RR->new("ericgermann.photography. DS 22755 8 2
2E81A1255ED2C3076B4E58BE159027F659D74E184E2F0B81D92
2D1E7FA9")->keytag,"\n"'<u><br>
22755</u><br>
</code></p>
<p><code>perl -MNet::DNS -MNet::DNS::SEC -e' print
Net::DNS::RR->new("ericgermann.photography. DNSKEY 256 3 15
9SM6gMjImcK0sKPvIlEr9ZNKxsqmSL9zO7P9kZTH8XQ=")->keytag,"\n"'</code><code><br>
</code><u><code>48248</code></u><code><br>
</code><br>
</p>
<pre class="moz-signature" cols="72">Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
</pre>
<p></p>
<div id="grammalecte_menu_main_button_shadow_host" style="width:
0px; height: 0px;"></div>
</body>
</html>