On 03/20/11 22:33, fakessh @ wrote: > and what do I do. You have to add your key to ISC's DLV registry. Go to dlv.isc.org, create account, login, add a zone, add keys for it and publish a record in your zone validating that you're the owner of the zone. You will be told what to do after you create zone.
> and what is this other publication of another DS I have no idea what do you mean by this sentence. Torinthiel > > > Le lundi 21 mars 2011 à 08:25 +1100, Mark Andrews a écrit : >> In message <[email protected]>, "fakessh @" >> writes >> : >>> hello bind network and duru. >>> >>> I can not validate the key dlv via the website of the isc. >>> I do not understand why the warning is the isc >>> you have an explanation >>> SUCCESS 94.23.59.30 answered DNSKEY query with rcode NOERROR >>> 4.502:SUCCESS 87.98.164.164 answered DNSKEY query with rcode NOERROR >>> 4.502:SUCCESS 87.98.186.232 answered DNSKEY query with rcode NOERROR >>> 4.502:INFO Total answers: 3 >>> 4.503:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.164.164 >>> 4.504:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.186.232 >>> 4.504:SUCCESS All DNSKEY responses are identical. >>> 4.515:DEBUG VERIFY-DNSKEY: Checking tag=10231 flags=257 alg=RSASHA1 >>> AwEAAbwO...8fkjXphfS8= >>> 4.515:DEBUG VERIFY-DNSKEY: Ignoring key. >>> 4.515:DEBUG VERIFY-DNSKEY: Checking tag=30111 flags=256 alg=RSASHA1 >>> AwEAAb1q...jG+UQeAtYE= >>> 4.515:DEBUG VERIFY-DNSKEY: Ignoring key. >>> 4.515:INFO VERIFY-DNSKEY: 2 DNSKEYs found. >>> 4.515:INFO VERIFY-DNSKEY: 0 keys found after filtering. >>> 4.515:DEBUG VERIFY-DNSKEY: Using keys: >>> 4.516:DEBUG VERIFY-DNSKEY: To verify rrset type DNSKEY >>> 4.516:FAILURE VERIFY-DNSKEY: No keys found after filtering. >>> 4.516:FAILURE DNSKEY signature did not validate. >>> 4.516:FINAL_FAILURE FAILURE >> >> Based on the key tags and the truncated keys I think these keys are >> for fakessh.eu and if so there isn't a DLV record or a DS published >> for fakessh.eu. The only other thing the validator can check against >> is any installed trust-anchor. >> >> Mark >> >> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu.dlv.isc.org dlv >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48161 >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 >> >> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu ds >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63623 >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 >> >> >> >>> -- >>> gpg --keyserver pgp.mit.edu --recv-key 092164A7 >>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 >>> >>> >>> >>> _______________________________________________ >>> bind-users mailing list >>> [email protected] >>> https://lists.isc.org/mailman/listinfo/bind-users
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
