Re: [Pdns-users] DNSSEC-Problems on g.root-servers.net?

2018-09-17 Thread Christian Renner
>> >> The real problem seems to be in .ch. > > It indeed does look like h.nic.ch is currently serving invalid denial of > existence proofs. I think you’re right, thanks to both of you! I’ll contact SWITCH (the guys behind .ch) about the issue. Thanks again & regards Christian signature.asc

Re: [Pdns-users] DNSSEC-Problems on g.root-servers.net?

2018-09-17 Thread Remi Gacogne
On 9/17/18 10:46 AM, Stephane Bortzmeyer wrote: >> • NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the >> SNAME (admin.ch). >> • NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the >> SNAME (admin.ch). > > The real problem seems to be in .ch. It

Re: [Pdns-users] DNSSEC-Problems on g.root-servers.net?

2018-09-17 Thread Stephane Bortzmeyer
On Mon, Sep 17, 2018 at 08:39:38AM +, Christian Renner wrote a message of 23 lines which said: > DNSViz always shows the same behaviour: > > http://dnsviz.net/d/onba.zkb.ch/dnssec/ > http://dnsviz.net/d/www.admin.ch/dnssec/ > > Errors (3) > • ./DNSKEY: No response was received

[Pdns-users] DNSSEC-Problems on g.root-servers.net?

2018-09-17 Thread Christian Renner
Hi Since about 20 hours we see many dnssec validation errors on all of our pdns recursors. A few recent examples: Sep 17 10:12:37 ac-rns2 pdns_recursor[24059]: Answer to onba.zkb.ch|A for 178.22.104.86:36796 validates as Bogus Sep 17 10:12:25 ac-rns2 pdns_recursor[24059]: Answer to

[Pdns-users] dnssec problems

2015-10-27 Thread Curtis Maurand
I set up pdnssec for a rather critical zone xyonet.com. I then published the ds records to opensrs using pdnssec show-zone xyonet.com which got me: DS = xyonet.com IN DS 31879 8 1 b0a50a1f2ec6d0a2e11c1a5152c674fc10a7366a ; ( SHA1 digest ) DS = xyonet.com IN DS 31879 8 2

Re: [Pdns-users] dnssec problems

2015-10-27 Thread Peter van Dijk
Hello Curtis, judging from this (historical, 20 minutes ago) analysis at http://dnsviz.net/d/xyonet.com/Vi_5xg/dnssec/ you typed keyID 1 (instead of 31879) into the form at your registrar, breaking things. Right now mostly everything seems fine, I guess you fixed the DS records - except

Re: [Pdns-users] dnssec problems

2015-10-27 Thread bert hubert
Quick response from phone, try removing the GOST signature from parent zone, it might be confusing things. No one uses that normally. Bert On Oct 27, 2015 23:18, Curtis Maurand wrote: > > I set up pdnssec for a rather critical zone xyonet.com.  I then published the >