[dns-operations] TLD .law - non-signing KSK with referenced DS
Matthew Richardson
matthew-l at itconsult.co.uk
Fri Jan 14 10:09:04 UTC 2022
Having been looking at .law following what looks like a slightly
sub-optimal redelegation (now complete), I notice that Zonemaster is
reporting DNSSEC issues:-
https://www.zonemaster.fr/result/f9fcceaef969aea1
>DNSSEC ERROR The DNSKEY RRset is not signed by the DNSKEY with
>tag 16819 that the the DS record refers to.
whereas DNSViz reports no such problem:-
https://dnsviz.net/d/law/YeEwEg/dnssec/
Looking visually at the DNSViz output, the KSK 16819 does look strange as
it is referenced by a DS but does not sign anything.
Out of interest, do folks think this is a valid configuration?
Best wishes,
Matthew
More information about the dns-operations
mailing list