[dns-operations] What's wrong with my domain?
Mohamed Lrhazi
ml623 at georgetown.edu
Wed Jul 2 11:56:10 UTC 2014
So many useful tips, thank you all.
gu.edu is, luckily, a test domain, and not production. I had enabled DNSSec
in our F5 GTM front ending DNS, and forgot about it. Seems I have to learn
that after a while keys are rolled over and I need to do some work about
it.... It makes DNSsec easy, but not that easy....
Thanks,
Mohamed.
On Wed, Jul 2, 2014 at 7:46 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr>
wrote:
> On Wed, Jul 02, 2014 at 12:08:36PM +0100,
> Tony Finch <dot at dotat.at> wrote
> a message of 25 lines which said:
>
> > Your DS record doesn't match your DNSKEY records.
>
> The OP could also use the excellent DNSviz:
>
> http://dnsviz.net/d/gu.edu/U7Pp0g/dnssec/
>
> which rightly says:
>
> gu.edu/DNSKEY:DS RRs exist for algorithm(s) 7 in the edu zone, but no
> matching DNSKEYs of algorithm(s) 7 were used to sign the gu.edu DNSKEY
> RRset.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140702/b29e5c1f/attachment.html>
More information about the dns-operations
mailing list