Hello Curtis,
judging from this (historical, 20 minutes ago) analysis at
http://dnsviz.net/d/xyonet.com/Vi_5xg/dnssec/ you typed keyID 1 (instead
of 31879) into the form at your registrar, breaking things. Right now
mostly everything seems fine, I guess you fixed the DS records - except
dnsviz complaining about EDNS on your ns2. What version of PowerDNS are
you running on ns1 and ns2?
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
On 27 Oct 2015, at 23:18, Curtis Maurand wrote:
I set up pdnssec for a rather critical zone xyonet.com. I then
published the ds records to opensrs using
pdnssec show-zone xyonet.com which got me:
DS = xyonet.com IN DS 31879 8 1
b0a50a1f2ec6d0a2e11c1a5152c674fc10a7366a ; ( SHA1 digest )
DS = xyonet.com IN DS 31879 8 2
cdc8a0e46d79fd2b391dcce9b5740ec5d1021d4eccc1038dbe97ef83b8703986 ; (
SHA256 digest )
DS = xyonet.com IN DS 31879 8 3
9621349b03aeda5ab8ffb9e71bf18a2d55491c1da41721447046f77394502d2a ; (
GOST R 34.11-94 digest )
DS = xyonet.com IN DS 31879 8 4
fd0a82a3a1cc67e0ca0b02a5d0ca661191c047788257a90477ffe75aeb5a0cc7d3768fed9997621a8d97d2951c8477e3
; ( SHA-384 digest )
I published all 4 of the keys. Verisign comes back and give me the
error:
"The DNSKEY RRset was not signed by any keys in the chain-of-trust"
Have I done something wrong, here? suddenly today google's public dns
servers are not resolving anything on xyonet.com. level 3 is and some
others are not. The only change I made was publishing the dnssec
records.
--
Curtis Maurand
[email protected] <mailto:[email protected]>
207-252-7748
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
