[Pdns-users] DNSSEC trouble
Peter Thomassen
peter at desec.io
Wed May 20 11:34:59 UTC 2015
Hi Leen,
On 05/20/2015 12:32 PM, Leen Besselink wrote:
>> # these failed:
>> dig @ns1.desec.io +dnssec +norec desec.io DNSKEY
>> dig @ns1.desec.io +dnssec +norec desec.io A
>>
>> Here is a working example with an RRSIG for the DNSKEY query:
[...]
> As we can see, no RRSIG-record on your domain, my guess would be the transferred domain isn't properly signed before it's transferred:
>
> $ dig +dnssec +norec @ns1.desec.io desec.io DNSKEY
[...]
> I would try the same query on the hidden master first.
I did try that, and when I query the hidden master, in fact I do get the
RRSIG records for free. Why is that not the case for the slaves?

I made the hidden master available at desec.io temporarily -- so, compare

dig +dnssec +norec @desec.io desec.io A
dig +dnssec +norec @ns1.desec.io desec.io A

This really confuses me.

Best,
Peter