[dns-operations] Algorithm but no signature in .in?
Mark Andrews
marka at isc.org
Fri Mar 27 10:25:35 UTC 2020
> On 27 Mar 2020, at 18:52, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> On Fri, Mar 27, 2020 at 06:37:46PM +1100, Mark Andrews wrote:
>
>> BIND will *correctly* fail if NSEC3RSASHA1 is disabled in named.conf as
>> it also supports RSASHA256. India just stuffed up the key management.
>
> Is the TLD managed by Neustar? But perhaps not the master copy of the
> zone? In any case, perhaps it is already fixed? The latest SOA is
> signed with both algorithms:
>
> ; NoError AD=1
> in. IN SOA ns1.neustar.in. hostmaster at neustar.in. 1585295284 1800 300 1814400 1800
> in. IN RRSIG SOA 7 1 900 20200426074806 20200327064806 9182 in. <...>
> in. IN RRSIG SOA 8 1 900 20200426074806 20200327064806 65169 in. <…>
And the DNSKEY rrset is now signed with both.
in. 893 IN RRSIG DNSKEY 8 1 900 20200426081551 20200327071551 65169 in. oRFK0VjYAI6Bt5LvJhj78iApYHugSWu/Z1fcULRulIf4eDoOefqPnOnH seanEBlb0wzR+rQGZa1zlVM5dBtChiaqAB+s7CumqvxyVoD4fP50F/+Z Qb3fWs4F9mouG1KC/zvKnRuk/6U562SP1DItwmEJK2hcDyvFlXZZ2xt/ krY3W6ieEb44YwAvGcdvZy2hd/TgsRqPeWy/Ox2nSVML6g
20200327071551 indicates that it was just signed (now Fri 27 Mar 2020 10:16:30 UTC). When I checked at 06:58:00
it was not signed.
Mark
> --
> Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list