[dns-operations] I do not understand this validation failure
Thomas Egrelius
thomas.egrelius at se.verizonbusiness.com
Mon Dec 26 09:22:02 UTC 2011
After posting this email I found out this is most probably caused by the
year-end bug in ldns discussed in a recent thread on opendnssec-users.
Zone have been resigned and looks better, although some rrsigs still have
the invalid signatures.
Sorry for the noice.
/Thomas
On Sun, 25 Dec 2011, Thomas Egrelius wrote:
> Hi all, hope you are enjoying the holidays.
>
> I have a question for you to think about when you get the time. One of the
> test domains used to test frequent key rollovers etc suddenly started to
> fail validation today. Without anyone doing any changes afaik - other than
> maybe an automatic ZSK rollover.
>
> The zone is nlsec.egge.se. As far as I can tell, everything is ok in the
> zone. The KSK is there, used for the DNSKEY RRSIG and all the signatures
> have valid timings. Still, all analyzers tell me the DNSKEY RRSIG do not
> validate. And it doesn't. I just don't understand why.
>
> It might me that just resigning may fix the issue, but before I do that
> I'd like a second oppinion and see if I can get an explanation of what's
> going on.
>
> So, whenever you feel for it and have the time, feel free to have a look.
>
> Thanks!
>
> /Thomas Egrelius
>
>
> Verizon Sweden AB - registrerat i Sverige med organisationsnummer 556489-1009 - huvudkontorets adress: Arm?gatan 38, Box 4127, 171 04 Solna, Sverige
>
>
>
>
> Verizon Sweden AB - registrerat i Sverige med organisationsnummer 556489-1009 - huvudkontorets adress: Arm?gatan 38, Box 4127, 171 04 Solna, Sverige
>
>
--
Thomas Egrelius
Server & Service Management - EMEA O&T
Verizon Business
Armegatan 38, 171 04 Solna, Sweden
Tel: +46 8 5661 7142 VNET: 915-7142
Verizon Sweden AB - registrerat i Sverige med organisationsnummer 556489-1009 - huvudkontorets adress: Armégatan 38, Box 4127, 171 04 Solna, Sverige
More information about the dns-operations
mailing list