It looks slightly more subtle than a straight failure. There is a DS
record in psc.gov pointing to key 180 in ha.psc.gov:-
>ha.psc.gov. 56 IN DS 180 7 1
>8A631C83457F4BDB3C450A725DFDB267C4BAC1CC
This points correctly to the key. However digest algorith 1 is now
Your using the wrong tools to troubleshoot or investigate this error.
Instead of relying upon resolvers to provide situational awareness you need to
inspect DNSSEC itself using dnsviz.net:
https://dnsviz.net/d/pms.psc.gov/dnssec/
psc.gov is giving the world ID 5089 when they need to handing
pms.psc.gov appears to be unresolvable against bind9.16.19
and 9.11.34 because of dnssec issues.
But it resolves against Cloudflare's 1.1.1.1, Google's 8.8.8.8, and an Unbound
resolver that does dnssec-validation.
There's a ticket open with nih.gov to look into it, but is there anything that
3 matches
Mail list logo
