problem validate key of isc dlv

fakessh @ fakessh at fakessh.eu
Sun Mar 20 22:40:25 UTC 2011 

Le dimanche 20 mars 2011 à 22:47 +0100, Torinthiel a écrit :
> On 03/20/11 22:33, fakessh @ wrote:
> > and what do I do. 
> 
> You have to add your key to ISC's DLV registry. Go to dlv.isc.org,
> create account, login, add a zone, add keys for it and publish a record
> in your zone validating that you're the owner of the zone. You will be
> told what to do after you create zone.
> 

that's what I did
I made ​​a post on my blog explaining how I do
goo.gl/EAbCB

> > and what is this other publication of another DS
> 
> I have no idea what do you mean by this sentence.
> Torinthiel
> 
> > 
> > 
> > Le lundi 21 mars 2011 à 08:25 +1100, Mark Andrews a écrit :
> >> In message <1300650238.6651.15.camel at localhost.localdomain>, "fakessh @" writes
> >> :
> >>> hello bind network and duru. 
> >>>
> >>> I can not validate the key dlv via the website of the isc. 
> >>> I do not understand why the warning is the isc 
> >>> you have an explanation
> >>> SUCCESS 94.23.59.30 answered DNSKEY query with rcode NOERROR
> >>> 4.502:SUCCESS 87.98.164.164 answered DNSKEY query with rcode NOERROR
> >>> 4.502:SUCCESS 87.98.186.232 answered DNSKEY query with rcode NOERROR
> >>> 4.502:INFO Total answers: 3
> >>> 4.503:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.164.164
> >>> 4.504:DEBUG COMPARE: Comparing results from 94.23.59.30 to 87.98.186.232
> >>> 4.504:SUCCESS All DNSKEY responses are identical.
> >>> 4.515:DEBUG VERIFY-DNSKEY: Checking tag=10231 flags=257 alg=RSASHA1
> >>> AwEAAbwO...8fkjXphfS8=
> >>> 4.515:DEBUG VERIFY-DNSKEY: Ignoring key.
> >>> 4.515:DEBUG VERIFY-DNSKEY: Checking tag=30111 flags=256 alg=RSASHA1
> >>> AwEAAb1q...jG+UQeAtYE=
> >>> 4.515:DEBUG VERIFY-DNSKEY: Ignoring key.
> >>> 4.515:INFO VERIFY-DNSKEY: 2 DNSKEYs found.
> >>> 4.515:INFO VERIFY-DNSKEY: 0 keys found after filtering.
> >>> 4.515:DEBUG VERIFY-DNSKEY: Using keys:
> >>> 4.516:DEBUG VERIFY-DNSKEY: To verify rrset type DNSKEY
> >>> 4.516:FAILURE VERIFY-DNSKEY: No keys found after filtering.
> >>> 4.516:FAILURE DNSKEY signature did not validate.
> >>> 4.516:FINAL_FAILURE FAILURE
> >>
> >> Based on the key tags and the truncated keys I think these keys are
> >> for fakessh.eu and if so there isn't a DLV record or a DS published
> >> for fakessh.eu.  The only other thing the validator can check against
> >> is any installed trust-anchor.
> >>
> >> Mark
> >>
> >> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu.dlv.isc.org dlv
> >> ;; global options: +cmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48161
> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >>
> >> ; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu ds
> >> ;; global options: +cmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63623
> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >>
> >>
> >>
> >>> -- 
> >>> gpg --keyserver pgp.mit.edu --recv-key 092164A7
> >>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> bind-users mailing list
> >>> bind-users at lists.isc.org
> >>> https://lists.isc.org/mailman/listinfo/bind-users
> 
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110320/6fc8080e/attachment.bin>

More information about the bind-users mailing list