On 03/21/11 02:13, fakessh @ wrote: > Yes, I bothered to redeploy new keys, fields TXT, a new signature. > and more on a new rehabilitation isc dlv. > > > I still get the same error > > nb : Simply debuggers dnssec still provide all kinds of resultasts
And that's probably the main problem. Two of your nameservers have either disabled DNSSec, or don't support it at all: Correct answer: $ dig +dnssec +norecurse +noall +answer dnskey fakessh.eu @r13151.ovh.net. fakessh.eu. 38400 IN DNSKEY 257 3 5 AwEAAbwO9edhHAn00RfAzMEwBdcYK1fnP16vh9BXltHrdAesHRFJ7G0l tT4GyBgQcjFZyfk/HdHpnlDuT8fkjXphfS8= fakessh.eu. 38400 IN DNSKEY 256 3 5 AwEAAb1qeaah5D2pS+IcZiJiyZRA3KTgaV0/Sd8kSfzfbI3X45XZ7aLb tIoN/kLJc2G7qAdqnSmoiN+TojG+UQeAtYE= fakessh.eu. 38400 IN RRSIG DNSKEY 5 2 38400 20110419151040 20110320151040 10231 fakessh.eu. VeCJRPlvC6gr+3f/OuMCrFQR42oQkDxJ7nTfLcJMH2XwPyvBOdR/nv55 ZSs5wJ5Bl5CKAZjMRyWrUtM/wSGdTw== fakessh.eu. 38400 IN RRSIG DNSKEY 5 2 38400 20110419151040 20110320151040 30111 fakessh.eu. Y1DqOwGfRTxNdFruvOSalp8pVy+FWd/G+pqs+Qu4tkkLvanHcTisDSXA JqbKvZpRrwGoL9o+5wKwPisDDqtf6g== And incorrect (note missing RRSIGs): dig +dnssec +noall +answer dnskey fakessh.eu @ns0.xname.org. fakessh.eu. 38400 IN DNSKEY 257 3 5 AwEAAbwO9edhHAn00RfAzMEwBdcYK1fnP16vh9BXltHrdAesHRFJ7G0l tT4GyBgQcjFZyfk/HdHpnlDuT8fkjXphfS8= fakessh.eu. 38400 IN DNSKEY 256 3 5 AwEAAb1qeaah5D2pS+IcZiJiyZRA3KTgaV0/Sd8kSfzfbI3X45XZ7aLb tIoN/kLJc2G7qAdqnSmoiN+TojG+UQeAtYE= dig +dnssec +noall +answer dnskey fakessh.eu @ns2.xname.org. fakessh.eu. 38400 IN DNSKEY 256 3 5 AwEAAb1qeaah5D2pS+IcZiJiyZRA3KTgaV0/Sd8kSfzfbI3X45XZ7aLb tIoN/kLJc2G7qAdqnSmoiN+TojG+UQeAtYEA fakessh.eu. 38400 IN DNSKEY 257 3 5 AwEAAbwO9edhHAn00RfAzMEwBdcYK1fnP16vh9BXltHrdAesHRFJ7G0l tT4GyBgQcjFZyfk/HdHpnlDuT8fkjXphfS8A ISC doesn't publish your DLV record, because it has to see consistent view of your zone. And it doesn't as you have missing RRSIGS from some nameservers. Either convince admins to deploy DNSSec or drop those nameservers. Then it should work. Torinthiel
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users