Fakessh wrote: > the DS it is necessary that I contact OVH. > in the DLV conserne my problem I have this same recurring errors in the > script of the isc > that's my problem
I'll admit, I've had some problems guessing what the problem you're experiencing really is, there's been mentions of TSIG keys, DNSSEC, scripts etc. Please bear with me, English isn't my normal language, so perhaps I've misunderstood something. If I understand things correctly though, you're unable to get the DLV or DS records added, and the reason for that seems to be because your DNS setup doesn't pass a sanity check. Follow these steps, in this order, and correct these: 1) Two of your nameservers don't seem to do DNSSEC properly. I don't know which software they are running. If you want to use those nameservers for a DNSSEC signed domain, you'll need to get whoever manages those nameservers to make them DNSSEC capable. Depending on the software they're running, that might just be a configuration issue, or perhaps they'll need to upgrade to a more recent version of the software to get DNSSEC capabilities. The two nameservers that seem to need fixing are ns0.xname.org and ns2.xname.org. 2) When I check the delegation of the domain fakessh.eu, it's delegated to 4 nameservers. But when I check the NS records in your zone, it lists an additional 5th nameserver, ns2.xname.org. You should make sure the NS records in your zone match the delegation - perhaps just remove ns2.xname.org from your zonefile? 3) I'm not sure why, but if I do "dig any fakessh.eu @ns2.xname.org" I get a SERVFAIL back: eivind@vimes ~]$ dig any fakessh.eu @ns2.xname.org. ; <<>> DiG 9.6.-ESV-R3 <<>> any fakessh.eu @ns2.xname.org. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7693 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;fakessh.eu. IN ANY ;; Query time: 91 msec ;; SERVER: 2a01:e0b:1:64:240:63ff:fee8:6155#53(2a01:e0b:1:64:240:63ff:fee8:6155) ;; WHEN: Fri Mar 25 00:26:26 2011 ;; MSG SIZE rcvd: 28 Doing plain queries for A, AAAA or SOA for example seem to work just fine though..Am I doing something odd in this query, or is that nameserver really weird? 4) If you've sorted all the stuff above: now is the time to try to add the DS or DLV records. I'd not suggest you try this before the previous issues have been corrected. Regards Eivind Olsen eiv...@aminor.no _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
