On Wed, Dec 1, 2010 at 7:36 AM, John Williams <john.1...@yahoo.com> wrote: > I'm being told there is an RSA verification failure on the .US domain. I''m > getting details from the following; http://dnsviz.net/d/us/dnssec/ I have a > signed zone under us. How does this affect my domain and other signed zones > under .US? >
It shouldn't affect things, as it is currently configured, since the invalid signature is not a necessary link in the chain of trust. The SEP key (id=2058) matching the DS RRs properly authenticates the DNSKEY RRset, so the signature covering the DNSKEY RRset made by key 23777 is irrelevant. However, the fact that the signature is invalid might raise some eyebrows, as it might be a symptom of something else that may cause errors in the future. The .us support is probably the right group to ask about it. Casey _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
