DNSSEC troubleshooting on a recursive server.
Alan Clegg
alan at clegg.com
Thu Aug 8 16:09:55 UTC 2013
On Aug 8, 2013, at 11:58 AM, Grant Keller <gkeller at corp.sonic.net> wrote:
> # dig +dnssec +cd zygo.com a
>
> ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-17.P2.el5_9.2 <<>> +dnssec +cd zygo.com a
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45711
> ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;zygo.com. IN A
>
> ;; ANSWER SECTION:
> zygo.com. 86400 IN A 50.28.48.60
>
> ;; AUTHORITY SECTION:
> zygo.com. 93100 IN NS pdns02.domaincontrol.com.
> zygo.com. 93100 IN NS pdns01.domaincontrol.com.
Somebody is stripping off DNSSEC records...
aclegg at redwood:~/Src/bind-9.9.3-P2$ dig zygo.com +dnssec
; <<>> DiG 9.9.3-P2 <<>> zygo.com +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38336
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;zygo.com. IN A
;; ANSWER SECTION:
zygo.com. 85958 IN A 50.28.48.60
zygo.com. 85958 IN RRSIG A 7 2 86400 20130812183056 20130728183056 19712 zygo.com. FbuZDfcptJtbOCxsCV+U3uQA+ETkrvhKAJrpVhlVMAGrYhgFBHWTvsgK 8ZY9DP7Chr8rXF8BXjr0zh06Fi62RJQiRuytFLN117kqJjXe4g/5q4l3 O9XsuF2WeDj3TudMeqcb6hxGstly34gfec/RZdktlogmJTSu5+t3BdwP myU=
;; AUTHORITY SECTION:
zygo.com. 3158 IN NS pdns01.domaincontrol.com.
zygo.com. 3158 IN NS pdns02.domaincontrol.com.
zygo.com. 3158 IN RRSIG NS 7 2 3600 20130812183056 20130728183056 19712 zygo.com. YTqpH1q+wSZCUGhjw0qKWRBGSARInipMqUEOg0IaM49rgSSynYPDDt01 7XOCpOnlZXSuiGv42yac/b3Se4gGHOfdyOHRncjiSmwL5vYlVhCBqUS3 qgPSnqYonqC7uxaVg7tQm0ErZpWFJiMMdHfs/HpLTKq5tnZfHflCkhWj si4=
--
Alan Clegg | +1-919-355-8851 | alan at clegg.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130808/9c3bba61/attachment.bin>
More information about the bind-users
mailing list