[Pdns-users] dnssec problem
Arsen STASIC
arsen.stasic at univie.ac.at
Wed Feb 22 12:17:50 UTC 2017
Hi,
Even http://dnsviz.net/d/cicgroup.nl/dnssec/ finds no problems!
I see no reason why SIDN indicates a validation error.
cheers
Arsen Stasic
* Steffan Noord <steffannoord at gmail.com> [2017-02-22 12:39 (+0100)]:
> Hello List,
>
>
>
> Im getting a email from SIDN (dutch nl registry) with a validation error
>
> validation failure <_sidn._dnssec-valcheck._2080627548.cicgroup.nl. A IN>: No DNSKEY record for key cicgroup.nl. while building chain of trust
>
>
>
> When im looking at the registry I see:
>
> Keytag 37540
>
> Vlag 257 (KSK)
>
> Algoritme RSA/SHA-256 (8)
>
> Publieke sleutel AwEAAajn4T1mAUlfYO+mM68uR0wvUuvkIw+D7T6xDDZrfLJ..
>
>
>
> In my DNS
>
> pdnssec show-zone cicgroup.nl | grep ID
>
> ID = 1396 (KSK), tag = 22639, algo = 8, bits = 2048 Active: 1 ( RSASHA256 )
>
> ID = 1398 (KSK), tag = 49816, algo = 8, bits = 2048 Active: 1 ( RSASHA256 )
>
> ID = 1401 (KSK), tag = 37540, algo = 8, bits = 2048 Active: 1 ( RSASHA256 )
>
> ID = 1397 (ZSK), tag = 4929, algo = 8, bits = 1024 Active: 1 ( RSASHA256 )
>
>
>
>
>
> Any idees what is wrong?
>
> It has worked for a very long time without a error.
>
>
>
> Just a sitenote I see that there are multiple keys enabled.
> Some other domains has only one.
> Is that correct?
>
>
>
>
>
> Met vriendelijke groet,
>
> Steffan Noord
>
>
>
>
>
> Met vriendelijke groet,
>
> Steffan Noord
>
>
>
More information about the Pdns-users
mailing list