[Pdns-users] DNSSEC-Problems on g.root-servers.net?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Sep 17 08:46:28 UTC 2018
On Mon, Sep 17, 2018 at 08:39:38AM +0000,
Christian Renner <christian.renner at iway.ch> wrote
a message of 23 lines which said:
> DNSViz always shows the same behaviour:
>
> http://dnsviz.net/d/onba.zkb.ch/dnssec/
> http://dnsviz.net/d/www.admin.ch/dnssec/
>
> Errors (3)
> • ./DNSKEY: No response was received from the server over UDP (tried 4 times). (2001:500:12::d0d, UDP_0_EDNS0_32768_512)
> • NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the SNAME (admin.ch).
> • NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the SNAME (admin.ch).
The first error seems to be a (probably temporary) IPv6 routing issue
between dnsviz.net and g.root-servers.net. It works for me, and,
anyway, this would not prevent validation.
The real problem seems to be in .ch.
More information about the Pdns-users
mailing list