[Pdns-users] DNSSEC error
Brian Candler
b.candler at pobox.com
Fri Aug 18 09:56:28 UTC 2023
On 18/08/2023 10:12, Huber, Peter via Pdns-users wrote:
> Thank you, I understand, that our server is not authoritative for .de.
> bur it seems our zone is no longer signed, but it was signed in the past.
There's a DS record in the parent zone:
$ dig @a.nic.de. uni-wh.de. ds
uni-wh.de. 86400 IN DS 6632 14 2
16556A7A06EC51AF8317D1CEF7EBF9F78D6214B648D83D14007C7820 A2561AF0
Therefore, if the zone isn't signed, then your names wouldn't resolve
(by a DNSSEC-validating resolver). But it all looks fine to me:
$ dig @8.8.8.8 uni-wh.de. +dnssec +trace
; <<>> DiG 9.10.6 <<>> @8.8.8.8 uni-wh.de. +dnssec +trace
; (1 server found)
;; global options: +cmd
. 38984 IN NS a.root-servers.net.
. 38984 IN NS b.root-servers.net.
. 38984 IN NS c.root-servers.net.
. 38984 IN NS d.root-servers.net.
. 38984 IN NS e.root-servers.net.
. 38984 IN NS f.root-servers.net.
. 38984 IN NS g.root-servers.net.
. 38984 IN NS h.root-servers.net.
. 38984 IN NS i.root-servers.net.
. 38984 IN NS j.root-servers.net.
. 38984 IN NS k.root-servers.net.
. 38984 IN NS l.root-servers.net.
. 38984 IN NS m.root-servers.net.
. 38984 IN RRSIG NS 8 0 518400 20230830170000
20230817160000 11019 .
Oui2ZZOta0+GnD7/uTK7N4X7WljjlYNw65RFma/tLxhpfnaxCRntCdl0
ZH1p91FYWxOM0KimWnlUUivG3Xv4cbS4Bezj+4+tC1r1v3tPOGXKyvmV
wmprioRC0JV8gIIw5Y6kxXk7BABmYYctCqONfRNluxW1YIkqFaRz7lm/
VFsMxXG42Q/C2OB+o8a0zQHEAoRN7RnC29H2a6cpwM0NmFkLnKY3k1UH
hODGz0FUlEekGb99oaEhEj6GC+Khr0sHgdNCkMGaqSjtG+0m0LA4bDP+
66jebfxUFcIXyDKRny24qw5Xpnu/Zoq9GeYU6IC+kF5OlcOZ9/WGG/KE Q30F3g==
;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 55 ms
de. 172800 IN NS a.nic.de.
de. 172800 IN NS f.nic.de.
de. 172800 IN NS l.de.net.
de. 172800 IN NS n.de.net.
de. 172800 IN NS s.de.net.
de. 172800 IN NS z.nic.de.
de. 86400 IN DS 26755 8 2
F341357809A5954311CCB82ADE114C6C1D724A75C0395137AA397803 5425E78D
de. 86400 IN RRSIG DS 8 1 86400 20230831050000
20230818040000 11019 .
Pb4neoqNz+vSDNnOh9VFn/eCi9AOy7ZzL3QmZRO2k+xsBRCQZyezRRXp
+G8fowBatDtq8BSKrdHYNZmkENYUiVJ/bOIAZBdTzRYhg7B4nBrj/dqs
SdnL+dS/1LKFjI43ttXaoY1Ut3UPPTg+o0lV1c2Mdo50bcP6l6XBa9Dd
PHTr1Ww8QgDGgkEC0JrtoLemuQOKYDCNFQu3UY0Dg8dmS8Y7L2DjBry8
vOOd9UashIihFM5ZbLc2yRVNbq5bSc+mB1U/9+sM8h7SClSJMm0aAeB6
mWpflyCLLKEWYNu0aoLH6nfvSxTjfQoS2exhhUzioY+WaiK/IrI0b7PF rSBo1w==
;; Received 749 bytes from 193.0.14.129#53(k.root-servers.net) in 6 ms
uni-wh.de. 86400 IN NS dns-3.dfn.de.
uni-wh.de. 86400 IN NS dmz6.uni-wh.de.
uni-wh.de. 86400 IN DS 6632 14 2
16556A7A06EC51AF8317D1CEF7EBF9F78D6214B648D83D14007C7820 A2561AF0
uni-wh.de. 86400 IN RRSIG DS 8 2 86400 20230831065512
20230817052512 23418 de.
ZkkyTC5y59RsxU4WYmFF4VYm9WwZA6MjGUeKoNT2vJO+wEu+Cu2baqSg
Ty1Qu7jmW1Jq09lWJaVHLczVXQ8OaYygAxAeWZnceUoKJdy9+CrVQz/Q
9MxfmyoVgQ5Y+nllukSTCzhqf0hwg5Tys2NgytxpbrIBFxj5ve4dfyst 5vY=
;; Received 309 bytes from 194.246.96.1#53(z.nic.de) in 19 ms
uni-wh.de. 3600 IN A 193.175.243.73
uni-wh.de. 3600 IN RRSIG A 14 2 3600 20230831000000
20230810000000 6632 uni-wh.de.
jeJVLcdTgZTEAfbv1wIKrYFracW6//zzHwINZP4jM0hpdz+iYrmld7ss
uX2sU2ZfXlWClNY6GBd0GKD4yozlk8ZZHb6nnQu+k3TF+4Ti/vGO+XvY 2vcAgcMKstfeY/We
;; Received 191 bytes from 193.175.243.110#53(dmz6.uni-wh.de) in 27 ms
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20230818/0c0adaca/attachment-0001.htm>
More information about the Pdns-users
mailing list