[Pdns-users] cryptokeys.id out of sync
James Cloos
cloos at jhcloos.com
Tue Aug 6 17:16:06 UTC 2013
>>>>> "PvD" == Peter van Dijk <peter.van.dijk at netherlabs.nl> writes:
>> I presume that the unsynced .id is enough to confuse verifiers?
PvD> Verifiers don't see the .id, so that can't be it. Can you post the
PvD> name of a failing zone and point us to the working and failing auths?
After I posted that, I decided to test using nsd via axfr on the
secondaries, so the disagreeing instances are not in service.
But for a test I just started one of them on port 54. Compare the
servers: ore.jhcloos.com:53 vs liberty.jhcloos.com:54 with zones
jhcloos.{com,net,us}.
Both http://dnssec-debugger.verisignlabs.com/${ZONE} and
http://dnsviz.net/d/${ZONE}/dnssec/ were complaining about
verification until I switched back to axfr.
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
More information about the Pdns-users
mailing list