Configuring DNSSEC for child domains

Marco Davids (SIDN) marco.davids at sidn.nl
Mon May 6 14:59:37 UTC 2013 

Hi Jaap,

On 05/06/13 16:09, Jaap Winius wrote:

> 2.)  http://dnsviz.net/d/zuid.dapadam.nl/dnssec/
> 
> This shows two DS records in the parent zone, one not secure and one  
> bogus, and three DNSKEY records in the child zone, none of which are  
> secure.

Perhaps you could remove ns[12].transip.net from your NS-set and try
again? It seems as if these name servers are causing some problems.

(see attachment)

http://dnsviz.net/d/zuid.dapadam.nl/responses/

Regards,

--
Marco

-------------- next part --------------
 dig +dnssec DS zuid.dapadam.nl @ns2.transip.net.
;; Got bad packet: extra input data
424 bytes
07 95 84 00 00 01 00 03 00 00 00 01 04 7a 75 69          .............zui
64 07 64 61 70 61 64 61 6d 02 6e 6c 00 00 2b 00          d.dapadam.nl..+.
01 04 7a 75 69 64 07 64 61 70 61 64 61 6d 02 6e          ..zuid.dapadam.n
6c 00 00 2b 00 01 00 01 51 80 00 3a 00 00 08 01          l..+....Q..:....
00 00 00 05 00 00 00 00 00 00 00 00 00 00 27 63          ..............'c
32 65 31 38 37 63 30 62 64 31 33 32 37 62 37 65          2e187c0bd1327b7e
66 61 62 62 64 36 34 36 32 65 39 63 64 32 35 64          fabbd6462e9cd25d
35 34 31 35 39 37 04 7a 75 69 64 07 64 61 70 61          541597.zuid.dapa
64 61 6d 02 6e 6c 00 00 2b 00 01 00 01 51 80 00          dam.nl..+....Q..
53 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00          S...............
00 00 00 40 64 32 31 32 36 32 65 30 35 62 37 37          ... at d21262e05b77
66 66 33 61 30 39 39 38 33 65 38 37 30 30 37 32          ff3a09983e870072
61 64 63 66 34 63 65 31 61 30 64 66 38 63 33 36          adcf4ce1a0df8c36
36 38 36 36 33 30 31 64 65 66 63 34 61 65 34 33          6866301defc4ae43
35 32 64 33 04 7a 75 69 64 07 64 61 70 61 64 61          52d3.zuid.dapada
6d 02 6e 6c 00 00 2e 00 01 00 01 51 80 00 9e 00          m.nl.......Q....
2b 08 03 00 01 51 80 51 ab 44 ba 51 83 a9 aa da          +....Q.Q.D.Q....
55 07 64 61 70 61 64 61 6d 02 6e 6c 00 02 a3 b2          U.dapadam.nl....
3a 2a 8c 4f 39 7e ff 54 75 ff 0c fb c6 3d ac 5e          :*.O9..Tu....=.^
b3 a4 ec 0c 52 32 e7 f5 1c a6 89 fe 4a b4 a8 fb          ....R2......J...
98 17 7f b3 68 f1 c8 5c a0 af bc cc 7a 76 e4 26          ....h..\....zv.&
d8 b5 e4 f7 9e 1b e9 0d b9 b5 14 91 ae 85 af cf          ................
35 c0 d3 4b a1 0f ec b4 cf 81 ad f9 7d 0e bc c3          5..K........}...
68 77 6d ac 83 27 79 1b 97 8b 2d 2f 06 d6 1a dd          hwm..'y...-/....
d2 72 be 4c 4e 87 61 60 68 8f 06 11 f4 c8 04 25          .r.LN.a`h......%
d1 38 63 c5 96 e6 4c 4d b4 f3 12 49 d5 00 00 29          .8c...LM...I...)
10 00 00 00 80 00 00 00                                  ........
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4438 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130506/8b94686e/attachment.bin>

More information about the bind-users mailing list