>>
>> The real problem seems to be in .ch.
>
> It indeed does look like h.nic.ch is currently serving invalid denial of
> existence proofs.
I think you’re right, thanks to both of you!
I’ll contact SWITCH (the guys behind .ch) about the issue.
Thanks again & regards
Christian
signature.asc
On 9/17/18 10:46 AM, Stephane Bortzmeyer wrote:
>> • NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the
>> SNAME (admin.ch).
>> • NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the
>> SNAME (admin.ch).
>
> The real problem seems to be in .ch.
It
On Mon, Sep 17, 2018 at 08:39:38AM +,
Christian Renner wrote
a message of 23 lines which said:
> DNSViz always shows the same behaviour:
>
> http://dnsviz.net/d/onba.zkb.ch/dnssec/
> http://dnsviz.net/d/www.admin.ch/dnssec/
>
> Errors (3)
> • ./DNSKEY: No response was received
Hi
Since about 20 hours we see many dnssec validation errors on all of our pdns
recursors.
A few recent examples:
Sep 17 10:12:37 ac-rns2 pdns_recursor[24059]: Answer to onba.zkb.ch|A for
178.22.104.86:36796 validates as Bogus
Sep 17 10:12:25 ac-rns2 pdns_recursor[24059]: Answer to
I set up pdnssec for a rather critical zone xyonet.com. I then
published the ds records to opensrs using
pdnssec show-zone xyonet.com which got me:
DS = xyonet.com IN DS 31879 8 1 b0a50a1f2ec6d0a2e11c1a5152c674fc10a7366a
; ( SHA1 digest )
DS = xyonet.com IN DS 31879 8 2
Hello Curtis,
judging from this (historical, 20 minutes ago) analysis at
http://dnsviz.net/d/xyonet.com/Vi_5xg/dnssec/ you typed keyID 1 (instead
of 31879) into the form at your registrar, breaking things. Right now
mostly everything seems fine, I guess you fixed the DS records - except
Quick response from phone, try removing the GOST signature from parent zone, it
might be confusing things. No one uses that normally.
Bert
On Oct 27, 2015 23:18, Curtis Maurand wrote:
>
> I set up pdnssec for a rather critical zone xyonet.com. I then published the
>