In message <1300650238.6651.15.camel@localhost.localdomain>, "fakessh @" writes : > hello bind network and duru. > > I can not validate the key dlv via the website of the isc. > I do not understand why the warning is the isc > you have an explanation > SUCCESS 94.23.59.30 answered DNSKEY query with rcode NOERROR > 4.502:SUCCESS 87.98.164.164 answered DNSKEY query with rcode NOERROR > 4.502:SUCCESS 87.98.186.232 answered DNSKEY query with rcode NOERROR > 4.502:INFO Total answers: 3 > 4.503:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.164.164 > 4.504:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.186.232 > 4.504:SUCCESS All DNSKEY responses are identical. > 4.515:DEBUG VERIFY-DNSKEY: Checking tag=10231 flags=257 alg=RSASHA1 > AwEAAbwO...8fkjXphfS8= > 4.515:DEBUG VERIFY-DNSKEY: Ignoring key. > 4.515:DEBUG VERIFY-DNSKEY: Checking tag=30111 flags=256 alg=RSASHA1 > AwEAAb1q...jG+UQeAtYE= > 4.515:DEBUG VERIFY-DNSKEY: Ignoring key. > 4.515:INFO VERIFY-DNSKEY: 2 DNSKEYs found. > 4.515:INFO VERIFY-DNSKEY: 0 keys found after filtering. > 4.515:DEBUG VERIFY-DNSKEY: Using keys: > 4.516:DEBUG VERIFY-DNSKEY: To verify rrset type DNSKEY > 4.516:FAILURE VERIFY-DNSKEY: No keys found after filtering. > 4.516:FAILURE DNSKEY signature did not validate. > 4.516:FINAL_FAILURE FAILURE
Based on the key tags and the truncated keys I think these keys are for fakessh.eu and if so there isn't a DLV record or a DS published for fakessh.eu. The only other thing the validator can check against is any installed trust-anchor. Mark ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu.dlv.isc.org dlv ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48161 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu ds ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63623 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > -- > gpg --keyserver pgp.mit.edu --recv-key 092164A7 > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users