[Pdns-dev] DS RRs do not validate
James Cloos
cloos at jhcloos.com
Fri Apr 22 23:53:21 CEST 2011
I followed the instructions in the wiki, but the DS RRs which pdnssec
show-zone reports do not work.
My registrar's site reported that they would not validate, so I added
them to an trust-anchor-file and unbound agreed that they results were
sec_status_bogus.
The DS RRs reported by export-zone-dnskey are the same, and thus also
fail. (Except that, unlike show, export doesn't specify GOST DSs.)
I'm using pdns-static_3.0-rc2-1_i386.deb.
You can try lookups for jhcloos.us. (SOA, MX and NS RRs exist) with
the anchor:
jhcloos.us IN DS 23900 8 2 4713604b388fd3310c1cc7e01f43e0a8dc56f7b2d69de77ed5a72a5d627bf517
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
More information about the Pdns-dev
mailing list