[ldns-users] Zone signed or not ?

François RONVAUX francois.ronvaux at gmail.com
Sun Apr 18 08:18:22 UTC 2021


I signed my zone and published the KSK and ZSK pub keys to my registrar.

When I check the zone with a "dig +dnssec mydomain.tld", the flag "ad" is
present and the RRSIG record is in the result.

The tool "dnssec-analyzer.verisignlabs.com" shows every check points with a
green mark.

But when I check the zone with the tool "dnsviz.net", the zone is graded
"INSECURE" for all type of records : SOA/TXT/MX/NS/A.

Do you have an idea where I did mistake ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20210418/af8c6f8b/attachment.htm>

More information about the ldns-users mailing list