Re: dnssec dlv

itservices88 Thu, 20 May 2010 22:17:02 -0700

I missed the trusted key .......... Thanks

Here is the other output



# dig +cd +dnssec dlv.isc.org dnskey @localhost

; <<>> DiG 9.6.2-P1-RedHat-9.6.2-3.P1.fc12 <<>> +cd +dnssec
dlv.isc.orgdnskey @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63788
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;dlv.isc.org.                   IN      DNSKEY

;; ANSWER SECTION:
dlv.isc.org.            6752    IN      DNSKEY  256 3 5
BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7
GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9S
BdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBF tCibp/mkhw==
dlv.isc.org.            6752    IN      DNSKEY  257 3 5
BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh
dlv.isc.org.            6752    IN      RRSIG   DNSKEY 5 3 7200
20100620033002 20100521033002 19297 dlv.isc.org.
eEHtGjgatqIgxeCCcXJrZpaS5KzlWHbL/uNL9oqd/KnQwyVsqdZKhVR2
U9xcGmtu0GAUTdogSQvhzK92y1qF9FuLlmlBDc9pvLBCf5dc7kIJ61ey
vOZi18iZIv9+MyoE2ex/KfAHdHZUp3TUzgen7iGxba/yt9/dcJE6iFhz
Kk2FSxxG7PFgHRZZJl9aVxuPlNjCnm1gwnuvdKame73tZrlzAK3GBbTo
IEE2QSKs47glxhF5/Xka4UqYZ7wSvuCPG/xFn67FXVOHFQvZjNBxWX3V
H1jmoJhyLmpCI4JdwGBr7jwPDURDsL2iAUkfpPIuparlq6DwII3lzrqC gA1M6w==
dlv.isc.org.            6752    IN      RRSIG   DNSKEY 5 3 7200
20100620033002 20100521033002 64263 dlv.isc.org.
TbUCfqArddr/0K7NVhL+UNQuM2dDremcvzLbWz6odZzIwdC/MqHzzAj6
rbgHT+uwGZ6t+4ec5Hts9VWh+BEyx5pi6lnhKJjwcFwrXiBauppce11P
uWG3AiJZeiYoCWu2E4CqhpW96ZrycRQYehWfsmDsR1BCglVytxJwYUhT WMg=

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu May 20 21:52:59 2010
;; MSG SIZE  rcvd: 936


On Thu, May 20, 2010 at 6:45 PM, Mark Andrews <ma...@isc.org> wrote:

>
> In message <aanlktikyznh9_cgpb2efye_-yuu4n3bs75fwzp-jz...@mail.gmail.com>,
> itse
>  rvices88 writes:
> > Hi,
> >
> > Whenever i enable:
> >
> > dnssec-lookaside "." trust-anchor "DLV.ISC.ORG <http://dlv.isc.org/>";
> >
> > in the named.conf, restart bind, the dns resolution stops. One the same
> FC12
> > machine, dig using an outside dns server has no issues resolving with
> > +dnssec option. I am using bind 9.6.2 that came with FC12.
> >
> > Any thoughts ?
> >
> > -dani
>
> Have you added the trusted-keys clause for dlv.isc.org?
>
> trusted-keys {
>        dlv.isc.org. 257 3 5
> "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh";
> };
>
> Does "dig +cd +dnssec dlv.isc.org dnskey" return RRSIGS.
>
> e.g.
> ; <<>> DiG 9.3.6-P1 <<>> +cd +dnssec dlv.isc.org dnskey
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
> ;; flags: qr rd ra ad cd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;dlv.isc.org.                   IN      DNSKEY
>
> ;; ANSWER SECTION:
> dlv.isc.org.            2077    IN      DNSKEY  256 3 5
> BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7
> GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9S
> BdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBF tCibp/mkhw==
> dlv.isc.org.            2077    IN      DNSKEY  257 3 5
> BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
> brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
> 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
> ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
> Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
> QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh
> dlv.isc.org.            2077    IN      RRSIG   DNSKEY 5 3 7200
> 20100619164502 20100520164502 19297 dlv.isc.org.
> OKURcBkX5iiDC1q87HsSs2xDcDrMm5aPAlYHkPqkHCy7UyTOnCr6cwwN
> W42mdG4nmpURR4aDGiPlfc1lomE5kA5wOcXASgfMO8eQoOOIyZcBngOb
> WaE0KY+e/xU37kf7Ms7g6UxTnL+hcjbYgZf2rwN7J1RXf0Z5PfyyASXi
> ybf3iYGs7GusXgLZ0ZEWQh0zglo2ym56CVt2TbIljJFB0lzAvezos36R
> SWAYfLLsfGp3v9WfG7e3D8nLvbq5D7+K3IciELr73TVly924uwfAQeEa
> df40dVR6qyQ++/HWaGr1wOIGLQBRzTX8gKK9RlmcHHcIZo0EFPJo0mf7 Abqpxw==
> dlv.isc.org.            2077    IN      RRSIG   DNSKEY 5 3 7200
> 20100619164502 20100520164502 64263 dlv.isc.org.
> LZd6TanU48C2BNKZhuj4vMyquNE9mnbUmk9Zy+NbIKPmJ+h2uLq2EonO
> GfUkxku7ZPky9DnJ3O05gwcEbVrFDjqtK+hcweu7x+wu0OaXJNsVRJ69
> wQpQEkVNgoPNYsHQ6ru65ZwmOm8yRvr/1lXhbJId6j0Y2QZVXvCzVGuA 58Q=
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri May 21 11:45:00 2010
> ;; MSG SIZE  rcvd: 936
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
>

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dnssec dlv

Reply via email to