[Pdns-users] dnssec problems

Curtis Maurand curtis at maurand.com
Tue Oct 27 22:18:24 UTC 2015


I set up pdnssec for a rather critical zone, xyonet.com.  I then 
published the DS records to OpenSRS using

pdnssec show-zone xyonet.com  which got me:

DS = xyonet.com IN DS 31879 8 1 b0a50a1f2ec6d0a2e11c1a5152c674fc10a7366a ; ( SHA1 digest )
DS = xyonet.com IN DS 31879 8 2 cdc8a0e46d79fd2b391dcce9b5740ec5d1021d4eccc1038dbe97ef83b8703986 ; ( SHA256 digest )
DS = xyonet.com IN DS 31879 8 3 9621349b03aeda5ab8ffb9e71bf18a2d55491c1da41721447046f77394502d2a ; ( GOST R 34.11-94 digest )
DS = xyonet.com IN DS 31879 8 4 fd0a82a3a1cc67e0ca0b02a5d0ca661191c047788257a90477ffe75aeb5a0cc7d3768fed9997621a8d97d2951c8477e3 ; ( SHA-384 digest )

I published all 4 of the keys.  Verisign comes back and gives me the error:
"The DNSKEY RRset was not signed by any keys in the chain-of-trust"

Have I done something wrong here?  Suddenly today Google's public DNS 
servers are not resolving anything on xyonet.com.  Level 3 is and some 
others are not.  The only change I made was publishing the DNSSEC records.


-- 
Curtis Maurand
curtis at maurand.com <mailto:curtis at maurand.com>
207-252-7748
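
Added example, not part of the original post and not PowerDNS code: one way to check DS records like those above against the DNSKEY a zone actually serves, by recomputing the RFC 4034 key tag and digest from the DNSKEY RDATA. The key bytes and the published list are constructed sample data, not xyonet.com's real key, and the function names are hypothetical.

```python
import hashlib

# Digest types seen in the DS records above; GOST (3) is not in hashlib.
DIGESTS = {1: "sha1", 2: "sha256", 4: "sha384"}

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b << 8 if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey

def ds_digest(owner: str, rdata: bytes, digest_type: int) -> str:
    # DS digest = hash(owner name in wire form | DNSKEY RDATA)
    return hashlib.new(DIGESTS[digest_type], name_to_wire(owner) + rdata).hexdigest()

def check_ds(owner, rdata, published):
    """published: list of (key_tag, algorithm, digest_type, hex_digest)."""
    results = []
    for tag, alg, dtype, digest in published:
        if dtype not in DIGESTS:
            status = "unsupported"       # cannot verify locally
        elif tag != key_tag(rdata) or alg != rdata[3]:
            status = "wrong-key"         # DS refers to a different DNSKEY
        elif digest.lower() != ds_digest(owner, rdata, dtype):
            status = "digest-mismatch"
        else:
            status = "ok"
        results.append((dtype, status))
    return results

# Constructed KSK: flags 257, protocol 3, algorithm 8, made-up key bytes.
SAMPLE_RDATA = dnskey_rdata(257, 3, 8, bytes(range(1, 9)))

if __name__ == "__main__":
    tag = key_tag(SAMPLE_RDATA)
    published = [(tag, 8, 2, ds_digest("xyonet.com", SAMPLE_RDATA, 2)),
                 (tag, 8, 1, "00" * 20), (tag + 1, 8, 4, "00" * 48)]
    for row in check_ds("xyonet.com.", SAMPLE_RDATA, published):
        print(row)
```

For a real zone, the RDATA would come from the DNSKEY with flags 257 returned by the authoritative servers, with its base64 public key decoded to bytes.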