Switch has a website to test the CDS processing for .ch: https://www.nic.ch/security/cds/

For domainmail.ch it says:

"The CDS configuration of the domain name domainmail.ch will not be processed. [ ... ] The DNS query returned: "Server failed to complete the DNS request"."

You should check the requirements. You'd need to answer for three consecutive days, be consistent in all NS IP addresses, etc.

Hugo

On 15:11 09/04, Jim Popovitch via bind-users wrote:
> On Fri, 2021-04-09 at 19:05 +0000, John W. Blue via bind-users wrote:
> > So the issue here is that the DS record that sits in .ch has an ID of 22048
> > but the domainmail.ch servers are telling the world that the correct ID is
> > 17870.
> >
> > Thus the DNSSEC breakage.
>
> Of course, however there is no 22048 id in Gandi (the Registrar), yet it
> appears in .ch, and 17870 is still Active (as of this moment in time).
>
> What I can't figure out is how/when does .ch query the CDS/CDNSKEY data.
>
> I know that I can make the domain validate by manually putting a
> keyid+data in Gandi, but the whole purpose of CDS/CDNSKEY is to not have
> to do that, no?
>
> -Jim P.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
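
Added example, not part of the original thread and not the registry's own code: a pre-check for the two requirements named in the reply above (an answer on three consecutive days, and the same CDS set from every NS IP address). The function name, the nameserver addresses and the observation data are constructed assumptions; the requirements the reply covers with "etc." are not modelled.

```python
from datetime import date, timedelta

# Constructed sample data, not real query results: one entry per
# (day, nameserver IP). The value is the set of CDS records returned,
# or None when the query failed (for example a server failure).
CDS = frozenset({"17870 13 2 <constructed-digest>"})
OBSERVATIONS = {
    (date(2021, 4, 7), "192.0.2.53"): CDS,
    (date(2021, 4, 7), "198.51.100.53"): CDS,
    (date(2021, 4, 8), "192.0.2.53"): CDS,
    (date(2021, 4, 8), "198.51.100.53"): None,  # query failed on this day
    (date(2021, 4, 9), "192.0.2.53"): CDS,
    (date(2021, 4, 9), "198.51.100.53"): CDS,
}


def cds_problems(observations, ns_ips, last_day, days=3):
    """Return the reasons a CDS set would not qualify (hypothetical helper).

    Checks only the two requirements named in the message: a usable answer
    on each of `days` consecutive days ending at `last_day`, and the same
    CDS set from every nameserver IP. An empty list means both hold.
    """
    problems = []
    variants = set()
    for offset in range(days - 1, -1, -1):
        day = last_day - timedelta(days=offset)
        for ip in ns_ips:
            answer = observations.get((day, ip))
            if answer is None:
                # Missing or failed query: the day does not count.
                problems.append(f"{day} {ip}: no usable CDS answer")
            else:
                variants.add(answer)
    if len(variants) > 1:
        problems.append(f"inconsistent CDS sets: {len(variants)} variants seen")
    return problems


if __name__ == "__main__":
    ips = ["192.0.2.53", "198.51.100.53"]
    result = cds_problems(OBSERVATIONS, ips, date(2021, 4, 9))
    for line in result or ["both checks pass"]:
        print(line)
```
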