[dns-operations] Announcing the availability of 'validns', a DNS and DNSSEC zone file validator
Paul Wouters
paul at xelerance.com
Tue May 17 02:43:10 UTC 2011
On Tue, 17 May 2011, Anton Berezin wrote:
>>> I believe that all things you've noticed are now fixed:
Here is one more bug:
toronto.xelerance.org. 7200 IN NS ns0.xelerance.net.
7200 IN NS ns1.xelerance.net.
7200 IN NS ns2.xelerance.net.
3600 NSEC tun.xelerance.org. NS RRSIG NSEC
3600 RRSIG NSEC 5 3 3600 20110602081139 (
20110514051006 43124 xelerance.org.
RpWfauRBP78qhtW4+jBecseF9GaksD9rEjYx
X52NxYKuyPA4xbBVT8o2obgXPu2rOem1X+UC
KYg+6Fgj4n2Z8YzMouHtl0AYboeTkq+INixe
JymYjaeFiY4lcjO4kke8ReyT/AaBpOYZoSVq
mJRbBkCRb2ezDCp9h1piskgNXnc= )
tun.xelerance.org. 7200 IN NS tun.xelerance.org.
7200 A 193.110.157.149
3600 NSEC unknown.xelerance.org. NS RRSIG NSEC
3600 RRSIG NSEC 5 3 3600 20110525185334 (
20110505070313 43124 xelerance.org.
mPgQa/Lu+OK08q657Ko8x4Sw4KkV/0yZcP53
x8xAlG/t6yq4OMwnPxLTQ27IskdlmVtIMhwb
BSAC0CDUYNVVxxVnZhKdw2EG24IS1nM5X4LJ
puaHYz9E7/tVc75hrOoKJK+11/S26qEEAJVD
tRu7xGoI8WgQ5065yJKHxoyER5U= )
The A record is glue and should not be signed nor part of the RRSIG,
but validns claims:
xelerance.org.signed:677: A exists, but NSEC does not mention it for tun.xelerance.org.
Paul
More information about the dns-operations
mailing list