[Pdns-dev] DS RRs do not validate

James Cloos cloos at jhcloos.com
Fri Apr 22 23:53:21 CEST 2011

I followed the instructions in the wiki, but the DS RRs which pdnssec
show-zone reports do not work.

My registrar's site reported that they would not validate, so I added
them to an trust-anchor-file and unbound agreed that they results were

The DS RRs reported by export-zone-dnskey are the same, and thus also
fail.  (Except that, unlike show, export doesn't specify GOST DSs.)

I'm using pdns-static_3.0-rc2-1_i386.deb.

You can try lookups for jhcloos.us.  (SOA, MX and NS RRs exist) with
the anchor:

jhcloos.us IN DS 23900 8 2 4713604b388fd3310c1cc7e01f43e0a8dc56f7b2d69de77ed5a72a5d627bf517

James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6

More information about the Pdns-dev mailing list