Re: DNSSEC Bogus NXDOMAIN survives authenticating RR

2010-01-25 Thread Niobos
On 2009-12-10 08:49, Niobos wrote: Thank you very much for your help; I'll forward the conversation to the bug-tracking list. Since these are my first DNSSEC experiments, I just wanted to make sure that it wasn't a problem with my understanding of the concept. Niobos This has been confi

Re: DNSSEC Bogus NXDOMAIN survives authenticating RR

2009-12-10 Thread Niobos
Thank you very much for your help; I'll forward the conversation to the bug-tracking list. Since these are my first DNSSEC experiments, I just wanted to make sure that it wasn't a problem with my understanding of the concept. Niobos On 10 Dec 2009, at 00:59, Hauke Lampe wrote: > The signatures

Re: DNSSEC Bogus NXDOMAIN survives authenticating RR

2009-12-09 Thread Hauke Lampe
[I finally gave up on trying to get Thunderbird *not* to wrap long lines. Prefixing them with ">" seems to be the only way, even if confusing] Niobos wrote: >>> dig +dnssec removed.dnssec.dest-unreach.be >> Even though I have added your DNSKEY as trusted key, I get SERVFAIL on >> the first query

Re: DNSSEC Bogus NXDOMAIN survives authenticating RR

2009-12-09 Thread Niobos
>> Could you try this lookup? >> dig +dnssec removed.dnssec.dest-unreach.be > > I see now what you mean. > > Even though I have added your DNSKEY as trusted key, I get SERVFAIL on > the first query and NXDOMAIN on the second, without BIND doing any > additional outgoing queries. This is the same

Re: DNSSEC Bogus NXDOMAIN survives authenticating RR

2009-12-08 Thread Hauke Lampe
Niobos wrote: > As soon as I activate DLV (besides the manual SEP I entered), the "removed" > behaviour changes: > * First lookup still returns SERVFAIL > * Subsequent lookups now return NXDOMAIN with the AD flag *set*! (log > confirms that my domain is not in the DLV and hence is insecure) Tha

Re: DNSSEC Bogus NXDOMAIN survives authenticating RR

2009-12-08 Thread Niobos
On 08 Dec 2009, at 15:18, Hauke Lampe wrote: > Niobos wrote: > >> When requesting a lookup of "removed", I get a SERVFAIL as well. However, >> every subsequent request for "removed" gets an NXDOMAIN. (dig outputs below) >> Flushing the caches on the RR with "rndc flush" causes the first request t

Re: DNSSEC Bogus NXDOMAIN survives authenticating RR

2009-12-08 Thread Hauke Lampe
Niobos wrote: > When requesting a lookup of "removed", I get a SERVFAIL as well. However, > every subsequent request for "removed" gets an NXDOMAIN. (dig outputs below) > Flushing the caches on the RR with "rndc flush" causes the first request to > be a SERVFAIL again. I cannot reproduce this b

DNSSEC Bogus NXDOMAIN survives authenticating RR

2009-12-07 Thread Niobos
Hi all, I'm having some problems with implementing DNSSEC with NSEC3. I'm fairly new to DNSSEC, so it is certainly possible that my understanding of the subject is causing me to miss something. Also, I'm not entirely sure this is the correct mailing list; more accurate pointers are welcome. Th