[dns-operations] [DNSSEC] Bogus signature on secure.registry.be ?

Laurent Bauer l.bauer at mailclub.fr
Thu Dec 22 14:56:16 UTC 2011


Hello,

I can no longer resolve 'secure.registry.be', my validating resolver
(bind 9.7.3) returns SERVFAIL :

; <<>> DiG 9.7.1-P2 <<>> secure.registry.be
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32204
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

; <<>> DiG 9.7.1-P2 <<>> secure.registry.be +cd
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24524
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 4

According to dnsviz, it has a bogus signature :
  http://dnsviz.net/d/secure.registry.be/dnssec/

I am not quite familiar with DNSSEC debugging yet, but I could not find
any problem (with dig/drill) neither in the trust chain, nor any expired
signature.
As far as I know, my resolver might as well have its cache poisoned,
though I flushed it an retried before posting this.

Can anyone confirm the problem ?
If so, does anyone have a contact with a DNS administrator at DnsBe ?

Thanks

	Laurent Bauer


More information about the dns-operations mailing list