[dns-operations] DNSSEC validation failures for 54.in-addr.arpa
Matt Rowley
matt at arin.net
Mon Dec 19 17:19:25 UTC 2011
Hi Chris,
Thanks very much for alerting us to this problem. We've corrected the
DS record.
cheers,
Matt
Chris Thompson wrote:
> There seems to be a problem. The DS record in in-addr.arpa:
>
> $ dig +noall +answer +multi ds 54.in-addr.arpa @a.in-addr-servers.arpa
> 54.in-addr.arpa. 86400 IN DS 63306 5 1 (
> FEFD230E5FF2A7CB14D820658DBC58EAD326C8EA )
>
> doesn't match any of the DNSKEY records in the zone itself
>
> $ dig +noall +answer +multi dnskey 54.in-addr.arpa @z.arin.net
> 54.in-addr.arpa. 14400 IN DNSKEY 257 3 5 (
> BQEAAAABrbjX/Cb7kp9/5vmtmHZo9y0U1FozvbV9ZCEj
> Y0CbVKrQ8k2XfNR+ETLP/hMrBhTR9unLSDpDAldWjXuW
> itNImxVg2s03fCVsdRs/eu16NMoFale8Kyzgq5vB1sA+
> Qsm/rJY3DbDLgIYzg4f3JbteRctBbWR1HMsWROYSAE79
> SICSwGd8h+Pc+Ea1WmYzZoyLhtZcpIf4wPvogWsRQVpy
> G8kEGPHTFuJE8O7s9pOq9LLuH/49kPAMmQdVY+U7ho4R
> KQqhIWP6657xgnInWH5mIziDA1xl9cYt1awXveFLDRGm
> DmvCctTjVfcClHQO87XGxDh462JN99pwiBP+z+ts9w==
> ) ; key id = 64806
> 54.in-addr.arpa. 14400 IN DNSKEY 256 3 5 (
> BQEAAAABugs0Ryy9py2fOCWVbEdJg/WI7yV2TIwyCzyf
> q+wCxTINWfx0zoQ0hZubEz0Eh/WBd0JiwJRVyGGZjnGT
> 0dFQhfrxpBvEaaR1Rvaa9dtVzn8qXPWKxmdUkNIwi0Uo
> 6SECCysgX3JGI9T9hbTAIOtDqubcnJLXhzlAnkiFC0Lx
> EcU=
> ) ; key id = 64967
>
> http://dnssec-debugger.verisignlabs.com/54.in-addr.arpa agrees.
>
> [Cc'd to dns-ops at arin.net, nstld at iana.org]
>
More information about the dns-operations
mailing list