Am 07.02.2018 um 12:07 schrieb Matus UHLAR - fantomas:
On 06/02/2018 16:31, Matus UHLAR - fantomas wrote:
what's the difference, when the domain doesn't exist?
is it because .eu is signed?
On 06.02.18 16:35, Ray Bellis wrote:
Perhaps, although I'm not sure why given that .eu is signed with NSEC3
and opt-out.
Are you *sure* that the domain doesn't now actually exist in the DNS?
yes. even web whois shows no 'nameserver' information.
the name is "testa.eu".
I'm not good at dnssec to find out more
probably it's just a stupid idea to have no namservers instead some
fake-nameserver without DS records when you override the domain locally
anyways
my "rhsoft.net" domain on local networks also has nothing in common with
the public nameservers
https://dnssec-debugger.verisignlabs.com/testa.eu
Found 3 DNSKEY records for .
DS=20326/SHA-256 verifies DNSKEY=20326/SEP
DS=19036/SHA-256 verifies DNSKEY=19036/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=19036 and DNSKEY=19036/SEP verifies the DNSKEY RRset
eu
Found 1 DS records for eu in the . zone
DS=59479/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=41824 and DNSKEY=41824 verifies the DS RRset
Found 2 DNSKEY records for eu
DS=59479/SHA-256 verifies DNSKEY=59479/SEP
Found 2 RRSIGs over DNSKEY RRset
RRSIG=43743 and DNSKEY=43743 verifies the DNSKEY RRset
Zone eu (2600:2000:3004::1) returns NXDOMAIN for testa.eu
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
