[Pdns-users] dnssec problem

Steffan Noord steffannoord at gmail.com
Wed Feb 22 12:50:31 UTC 2017


I know
On the other hand i cant believe that SIDN sents false emails


Met vriendelijke groet,
Steffan Noord 


-----Oorspronkelijk bericht-----
Van: Arsen STASIC [mailto:arsen.stasic at univie.ac.at] 
Verzonden: woensdag 22 februari 2017 13:18
Aan: Steffan Noord <steffannoord at gmail.com>
CC: pdns-users at mailman.powerdns.com
Onderwerp: Re: [Pdns-users] dnssec problem

Hi,

Even http://dnsviz.net/d/cicgroup.nl/dnssec/ finds no problems!

I see no reason why SIDN indicates a validation error.

cheers
Arsen Stasic

* Steffan Noord <steffannoord at gmail.com> [2017-02-22 12:39 (+0100)]:
> Hello List,
> 
>  
> 
> Im getting a email from SIDN (dutch nl registry) with a validation error
> 
> validation failure <_sidn._dnssec-valcheck._2080627548.cicgroup.nl. A IN>:
No DNSKEY record for key cicgroup.nl. while building chain of trust
> 
>  
> 
> When im looking at the registry I see:
> 
> Keytag  37540
> 
> Vlag  257 (KSK)
> 
> Algoritme RSA/SHA-256 (8)
> 
> Publieke sleutel
AwEAAajn4T1mAUlfYO+mM68uR0wvUuvkIw+D7T6xDDZrfLJ..
> 
>  
> 
> In my DNS
> 
> pdnssec show-zone cicgroup.nl | grep ID
> 
> ID = 1396 (KSK), tag = 22639, algo = 8, bits = 2048     Active: 1 (
RSASHA256 )
> 
> ID = 1398 (KSK), tag = 49816, algo = 8, bits = 2048     Active: 1 (
RSASHA256 )
> 
> ID = 1401 (KSK), tag = 37540, algo = 8, bits = 2048     Active: 1 (
RSASHA256 )
> 
> ID = 1397 (ZSK), tag = 4929, algo = 8, bits = 1024      Active: 1 (
RSASHA256 )
> 
>  
> 
>  
> 
> Any idees what is wrong?
> 
> It has worked for a very long time without a error.
> 
>  
> 
> Just a sitenote I see that there are multiple keys enabled.
> Some other domains has only one.
> Is that correct?
> 
>  
> 
>  
> 
> Met vriendelijke groet,
> 
> Steffan Noord 
> 
>  
> 
>  
> 
> Met vriendelijke groet,
> 
> Steffan Noord 
> 
>  
> 



More information about the Pdns-users mailing list