Le dimanche 20 mars 2011 à 22:47 +0100, Torinthiel a écrit : > On 03/20/11 22:33, fakessh @ wrote: > > and what do I do. > > You have to add your key to ISC's DLV registry. Go to dlv.isc.org, > create account, login, add a zone, add keys for it and publish a record > in your zone validating that you're the owner of the zone. You will be > told what to do after you create zone. >
that's what I did I made a post on my blog explaining how I do goo.gl/EAbCB > > and what is this other publication of another DS > > I have no idea what do you mean by this sentence. > Torinthiel > > > > > > > Le lundi 21 mars 2011 à 08:25 +1100, Mark Andrews a écrit : > >> In message <1300650238.6651.15.camel@localhost.localdomain>, "fakessh @" > >> writes > >> : > >>> hello bind network and duru. > >>> > >>> I can not validate the key dlv via the website of the isc. > >>> I do not understand why the warning is the isc > >>> you have an explanation > >>> SUCCESS 94.23.59.30 answered DNSKEY query with rcode NOERROR > >>> 4.502:SUCCESS 87.98.164.164 answered DNSKEY query with rcode NOERROR > >>> 4.502:SUCCESS 87.98.186.232 answered DNSKEY query with rcode NOERROR > >>> 4.502:INFO Total answers: 3 > >>> 4.503:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.164.164 > >>> 4.504:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.186.232 > >>> 4.504:SUCCESS All DNSKEY responses are identical. > >>> 4.515:DEBUG VERIFY-DNSKEY: Checking tag=10231 flags=257 alg=RSASHA1 > >>> AwEAAbwO...8fkjXphfS8= > >>> 4.515:DEBUG VERIFY-DNSKEY: Ignoring key. > >>> 4.515:DEBUG VERIFY-DNSKEY: Checking tag=30111 flags=256 alg=RSASHA1 > >>> AwEAAb1q...jG+UQeAtYE= > >>> 4.515:DEBUG VERIFY-DNSKEY: Ignoring key. > >>> 4.515:INFO VERIFY-DNSKEY: 2 DNSKEYs found. > >>> 4.515:INFO VERIFY-DNSKEY: 0 keys found after filtering. > >>> 4.515:DEBUG VERIFY-DNSKEY: Using keys: > >>> 4.516:DEBUG VERIFY-DNSKEY: To verify rrset type DNSKEY > >>> 4.516:FAILURE VERIFY-DNSKEY: No keys found after filtering. > >>> 4.516:FAILURE DNSKEY signature did not validate. > >>> 4.516:FINAL_FAILURE FAILURE > >> > >> Based on the key tags and the truncated keys I think these keys are > >> for fakessh.eu and if so there isn't a DLV record or a DS published > >> for fakessh.eu. The only other thing the validator can check against > >> is any installed trust-anchor. > >> > >> Mark > >> > >> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu.dlv.isc.org dlv > >> ;; global options: +cmd > >> ;; Got answer: > >> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48161 > >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > >> > >> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu ds > >> ;; global options: +cmd > >> ;; Got answer: > >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63623 > >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > >> > >> > >> > >>> -- > >>> gpg --keyserver pgp.mit.edu --recv-key 092164A7 > >>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 > >>> > >>> > >>> > >>> _______________________________________________ > >>> bind-users mailing list > >>> bind-users@lists.isc.org > >>> https://lists.isc.org/mailman/listinfo/bind-users > > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
signature.asc
Description: Ceci est une partie de message numériquement signée
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
