DNSKEY failure

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

DNSKEY failure

@lbutlr
So, with my test domain that is using dsnssec-policy default dnsviz reports

"DNSKEY: No response was received from the server over UDP"

But:

dig +norec +dnssec +bufsize=512 +ignore dnskey

Shows a DNSKEY record.

(There is no DNSKEY record shown on the domains still using auto-dnssec maintain; with alg-7 keys, but I think that is expected).

Is this a propagation issue, or is there something I need to do for "192.112.36.4, UDP_-_EDNS0_512_D_KN" to see the DNSKEY record?

example.com.          3600    IN      RRSIG   DNSKEY 13 2 3600 20210217190645 20210203180645 18434 example.com. {blah blah blah}


--
"Get your facts first, and then you can distort them as much as you
        please." - Mark Twain

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: DNSKEY failure

Matthijs Mekking
Hi,

On 05-02-2021 10:23, @lbutlr wrote:
> So, with my test domain that is using dsnssec-policy default dnsviz reports
>
> "DNSKEY: No response was received from the server over UDP"
>
> But:
>
> dig +norec +dnssec +bufsize=512 +ignore dnskey
>
> Shows a DNSKEY record.

It would be useful to also provide the dig output, and what domain it is
about.

Compare the output with the response you get when you dig your name servers.

Best regards,

Matthijs


> (There is no DNSKEY record shown on the domains still using auto-dnssec maintain; with alg-7 keys, but I think that is expected).
>
> Is this a propagation issue, or is there something I need to do for "192.112.36.4, UDP_-_EDNS0_512_D_KN" to see the DNSKEY record?
>
> example.com.          3600    IN      RRSIG   DNSKEY 13 2 3600 20210217190645 20210203180645 18434 example.com. {blah blah blah}
>
>
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users