[ldns-users] Zone signed or not ?
Jaap Akkerhuis
jaap at NLnetLabs.nl
Sun Apr 18 10:17:10 UTC 2021
Anand Buddhdev via ldns-users writes:
> On 18/04/2021 10:18, François RONVAUX via ldns-users wrote:
>
> Hi François,
>
> > I signed my zone and published the KSK and ZSK pub keys to my registrar.
> >
> > When I check the zone with a "dig +dnssec mydomain.tld", the flag "ad" is
> > present and the RRSIG record is in the result.
> >
> > The tool "dnssec-analyzer.verisignlabs.com" shows every check point with a
> > green mark.
> >
> > But when I check the zone with the tool "dnsviz.net", the zone is graded
> > "INSECURE" for all types of records: SOA/TXT/MX/NS/A.
> >
> > Do you have an idea where I made a mistake?
>
> It's possible that you've signed your zone with an algorithm that dnsviz
> doesn't understand. But you did not tell us how you signed your zone.
> You also didn't tell us your domain name, so we can't check either. When
> you ask for help about DNS issues, don't obscure your domain. Provide as
> much information as possible, and people will be able to help you. Being
> obscure doesn't help.
What Anand says, but, beside that, did you really hit "update now"?
That will give you a fresh look instead of the latest from the history.
jaap