[dns-operations] [DNSSEC] Bogus signature on secure.registry.be ?
Laurent Bauer
l.bauer at mailclub.fr
Thu Dec 22 14:56:16 UTC 2011
Hello,
I can no longer resolve 'secure.registry.be', my validating resolver
(bind 9.7.3) returns SERVFAIL :
; <<>> DiG 9.7.1-P2 <<>> secure.registry.be
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32204
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
; <<>> DiG 9.7.1-P2 <<>> secure.registry.be +cd
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24524
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 4
According to dnsviz, it has a bogus signature :
http://dnsviz.net/d/secure.registry.be/dnssec/
I am not quite familiar with DNSSEC debugging yet, but I could not find
any problem (with dig/drill) neither in the trust chain, nor any expired
signature.
As far as I know, my resolver might as well have its cache poisoned,
though I flushed it an retried before posting this.
Can anyone confirm the problem ?
If so, does anyone have a contact with a DNS administrator at DnsBe ?
Thanks
Laurent Bauer
More information about the dns-operations
mailing list