[dns-operations] I do not understand this validation failure
Thomas Egrelius
thomas.egrelius at se.verizonbusiness.com
Sun Dec 25 22:20:07 UTC 2011
Hi all, hope you are enjoying the holidays.
I have a question for you to think about when you get the time. One of the
test domains used to test frequent key rollovers etc suddenly started to
fail validation today. Without anyone doing any changes afaik - other than
maybe an automatic ZSK rollover.
The zone is nlsec.egge.se. As far as I can tell, everything is ok in the
zone. The KSK is there, used for the DNSKEY RRSIG and all the signatures
have valid timings. Still, all analyzers tell me the DNSKEY RRSIG do not
validate. And it doesn't. I just don't understand why.
It might me that just resigning may fix the issue, but before I do that
I'd like a second oppinion and see if I can get an explanation of what's
going on.
So, whenever you feel for it and have the time, feel free to have a look.
Thanks!
/Thomas Egrelius
Verizon Sweden AB - registrerat i Sverige med organisationsnummer 556489-1009 - huvudkontorets adress: Armégatan 38, Box 4127, 171 04 Solna, Sverige
More information about the dns-operations
mailing list