[dnssec] issue resolving unsigned child zone using DLV
Florian Weimer
fw at deneb.enyo.de
Sun Mar 15 11:54:27 UTC 2009
* Shane W.:
> Bind outputs:
> Mar 14 12:39:13 continuum named[2168]: no valid RRSIG resolving 'odyssey.csy.ca/NS/IN': 72.55.146.170#53
> Mar 14 12:39:13 continuum named[2168]: no valid RRSIG resolving 'odyssey.csy.ca/NS/IN': 96.49.174.96#53
> Mar 14 12:39:13 continuum named[2168]: no valid RRSIG resolving 'odyssey.csy.ca/NS/IN': 96.49.174.96#53
> Mar 14 12:39:13 continuum named[2168]: no valid RRSIG resolving 'odyssey.csy.ca/NS/IN': 72.55.146.170#53
> Mar 14 12:39:13 continuum named[2168]: no valid RRSIG resolving 'odyssey.csy.ca/NS/IN': 72.55.146.170#53
> Mar 14 12:39:13 continuum named[2168]: no valid RRSIG resolving 'odyssey.csy.ca/NS/IN': 96.49.174.96#53
I think the csy.ca zone has not been correctly signed:
; <<>> DiG 9.5.1-P1 <<>> @dme6.ns.csy.ca. odyssey.csy.ca +norecurse +dnssec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27092
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;odyssey.csy.ca. IN A
;; AUTHORITY SECTION:
odyssey.csy.ca. 86400 IN NS springtide.ca.
odyssey.csy.ca. 86400 IN NS odyssey.ns.csy.ca.
;; ADDITIONAL SECTION:
odyssey.ns.csy.ca. 3600 IN A 96.49.174.96
odyssey.ns.csy.ca. 3600 IN RRSIG A 7 4 3600 20090413192159 20090314192159 22004 csy.ca. WgtWJmq+fgkm7rH+9Dw996l/6M+qEwW6CQPcvTPZoF/kO6JlzrRYpuLK em8SMDTfjPZFtyvaMOYY1bQxj8M/WQ==
;; Query time: 737 msec
;; SERVER: 64.246.42.203#53(64.246.42.203)
;; WHEN: Sun Mar 15 12:44:39 2009
;; MSG SIZE rcvd: 211
There should be a signed NSEC record showing that the delegation is,
indeed, unsigned.
More information about the bind-users
mailing list