problem validate key of isc dlv

fakessh @ fakessh at fakessh.eu
Sun Mar 20 21:33:42 UTC 2011 

and what do I do. 
and what is this other publication of another DS


Le lundi 21 mars 2011 à 08:25 +1100, Mark Andrews a écrit :
> In message <1300650238.6651.15.camel at localhost.localdomain>, "fakessh @" writes
> :
> > hello bind network and duru. 
> > 
> > I can not validate the key dlv via the website of the isc. 
> > I do not understand why the warning is the isc 
> > you have an explanation
> > SUCCESS 94.23.59.30 answered DNSKEY query with rcode NOERROR
> > 4.502:SUCCESS 87.98.164.164 answered DNSKEY query with rcode NOERROR
> > 4.502:SUCCESS 87.98.186.232 answered DNSKEY query with rcode NOERROR
> > 4.502:INFO Total answers: 3
> > 4.503:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.164.164
> > 4.504:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.186.232
> > 4.504:SUCCESS All DNSKEY responses are identical.
> > 4.515:DEBUG VERIFY-DNSKEY: Checking tag=10231 flags=257 alg=RSASHA1
> > AwEAAbwO...8fkjXphfS8=
> > 4.515:DEBUG VERIFY-DNSKEY: Ignoring key.
> > 4.515:DEBUG VERIFY-DNSKEY: Checking tag=30111 flags=256 alg=RSASHA1
> > AwEAAb1q...jG+UQeAtYE=
> > 4.515:DEBUG VERIFY-DNSKEY: Ignoring key.
> > 4.515:INFO VERIFY-DNSKEY: 2 DNSKEYs found.
> > 4.515:INFO VERIFY-DNSKEY: 0 keys found after filtering.
> > 4.515:DEBUG VERIFY-DNSKEY: Using keys:
> > 4.516:DEBUG VERIFY-DNSKEY: To verify rrset type DNSKEY
> > 4.516:FAILURE VERIFY-DNSKEY: No keys found after filtering.
> > 4.516:FAILURE DNSKEY signature did not validate.
> > 4.516:FINAL_FAILURE FAILURE
> 
> Based on the key tags and the truncated keys I think these keys are
> for fakessh.eu and if so there isn't a DLV record or a DS published
> for fakessh.eu.  The only other thing the validator can check against
> is any installed trust-anchor.
> 
> Mark
> 
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu.dlv.isc.org dlv
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48161
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu ds
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63623
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> 
> 
> > -- 
> > gpg --keyserver pgp.mit.edu --recv-key 092164A7
> > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
> > 
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110320/1ab921bf/attachment.bin>

More information about the bind-users mailing list