[Pdns-users] DNSSEC advice
Peter van Dijk
peter.van.dijk at netherlabs.nl
Thu Apr 18 16:25:38 UTC 2013
Hello Steffan,
On Apr 18, 2013, at 17:21 , Steffan Noord wrote:
> noorderkerkede.nl
> pdns-static.i386
> 3.1-1
The DS you submitted to SIDN:
$ dig +norec +short ds noorderkerkede.nl @ns1.dns.nl
6705 3 2 0527DF094BBAE0B6BB4ABCDCE3C695D215461C9DB5097E1C8F9BD8F2 AEE3CC22
Note the key tag '6705'.
The DNSKEYs at your name servers:
$ dig +norec +multiline dnskey noorderkerkede.nl @ns3.tikklik.com | grep 'key id'
) ; ZSK; alg = RSASHA256; key id = 53841
) ; KSK; alg = RSASHA256; key id = 6710
) ; ZSK; alg = RSASHA256; key id = 58795
Note that none of these DNSKEYs have key id 6705. You sent the wrong DS (presumably one for a different zone) to SIDN.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
More information about the Pdns-users
mailing list