[Pdns-dev] DS RRs do not validate
bert hubert
bert.hubert at netherlabs.nl
Wed Apr 27 15:22:33 CEST 2011
On Sat, Apr 23, 2011 at 02:24:30PM -0400, James Cloos wrote:
> KSK DNSKEY = jhcloos.us IN DNSKEY 257 3 8 AwEAAdDnaycbNggeRGm1GhMhIiP33JGfvp38qlt1KZlnTMeW/4CaVMTCpIG8F2di+G2/HS/n3OBOWh2JWpCMFwkW3KSfOV4b0ZViRqPGdiha/JTXWKY45/CNZISX+oDm22pVY2Gi6K7bvQl0vOk6NHljV5ZochKBg4i27egAHxksqZe2PHr1I2pXqFFua+dCPgStpyQmtg95utYlJKyQDY5GQ1j7P8R8kSYFMl85ej4/kwW0/PNieeZL/H5o2KfI0euoGXgMDn0fiBSlEPM6H8JTuc4JWIoGOmd7hhPupMlcQLIBGFy7R1pQbuRPk4WpKTwkOEIIpHVqAtvuRkk/SK25n0U=
> DS = jhcloos.us IN DS 23900 8 1 a00d0b5c2d72b86fc636289ce0ac9f1ef4e3830d
Based on this DNSKEY, the 'drill' tool from NLNetLabs calculates the
following DS:
; jhcloos.us. IN DS 23900 8 1 a00d0b5c2d72b86fc636289ce0ac9f1ef4e3830d
So at least algorithm 1 appears to be correctly calculated.
> :; dig +dnssec +sigchase +trusted-key=./trusted-keys -t MX jhcloos.us @localhost
> ;; RRset to chase:
> jhcloos.us. 86400 IN MX 10 pao.uu.jhcloos.net.
I'll try to check everything else to see what might be going on.
Bert
More information about the Pdns-dev
mailing list