Quick response from phone, try removing the GOST signature from parent zone, it
might be confusing things. No one uses that normally.
Bert
On Oct 27, 2015 23:18, Curtis Maurand <[email protected]> wrote:
>
> I set up pdnssec for a rather critical zone xyonet.com. I then published the
> ds records to opensrs using
>
> pdnssec show-zone xyonet.com which got me:
>
> DS = xyonet.com IN DS 31879 8 1 b0a50a1f2ec6d0a2e11c1a5152c674fc10a7366a ; (
> SHA1 digest )
> DS = xyonet.com IN DS 31879 8 2
> cdc8a0e46d79fd2b391dcce9b5740ec5d1021d4eccc1038dbe97ef83b8703986 ; ( SHA256
> digest )
> DS = xyonet.com IN DS 31879 8 3
> 9621349b03aeda5ab8ffb9e71bf18a2d55491c1da41721447046f77394502d2a ; ( GOST R
> 34.11-94 digest )
> DS = xyonet.com IN DS 31879 8 4
> fd0a82a3a1cc67e0ca0b02a5d0ca661191c047788257a90477ffe75aeb5a0cc7d3768fed9997621a8d97d2951c8477e3
> ; ( SHA-384 digest )
>
> I published all 4 of the keys. Verisign comes back and give me the error:
> "The DNSKEY RRset was not signed by any keys in the chain-of-trust"
>
> Have I done something wrong, here? suddenly today google's public dns
> servers are not resolving anything on xyonet.com. level 3 is and some others
> are not. The only change I made was publishing the dnssec records.
>
>
> --
> Curtis Maurand
> [email protected]
> 207-252-7748
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
