sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] key.ip6.li status

From: Scott Grayban
Subject: Re: [Sks-devel] key.ip6.li status
Date: Mon, 23 May 2011 14:14:48 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.23) Gecko/20090812 Lightning/0.9.4-Inverse Thunderbird/2.0.0.23 Mnenhy/0.7.5.0 
Maybe you don't have the lookaside option set which is still recommended.

File /etc/bind/named.conf.options

options {
        ......
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside . trust-anchor dlv.isc.org.;
        ......
};

Running dig on my end answers the correct keys...

address@hidden www]
# dig +dnssec borgnet.us

; <<>> DiG 9.7.3 <<>> +dnssec borgnet.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52126
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 8, ADDITIONAL: 15

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;borgnet.us.                    IN      A

;; ANSWER SECTION:
borgnet.us.             38400   IN      A       71.32.15.193
borgnet.us.             38400   IN      RRSIG   A 5 2 38400
20110616215223 20110517215223 6948 borgnet.us.
tazIbmkFYT1JRsRfJboZxTCLn7e5MXMKovpzPPlghUD6blAGNRy4oxav
uv/DePPiiPdNpxE8U/it8sBSYL52ljDUk5q9ZgJxv/hRrUNSvphKCnRL
OniDRMsIfIzJd7pdGt1J2FOQBSxKnI+nLXkmDOCj1MfDhECohTMNAwts
7/JojuTU9Iv/o+YruDofUqo/PFpSeCZPaHmvhXlJAbaHqQ==

;; AUTHORITY SECTION:
borgnet.us.             38400   IN      NS      ns2.borgnet.us.
borgnet.us.             38400   IN      NS      spock.borgnet.org.
borgnet.us.             38400   IN      NS      ns1.rollernet.us.
borgnet.us.             38400   IN      NS      ns3.borgnet.us.
borgnet.us.             38400   IN      NS      ns2.rollernet.us.
borgnet.us.             38400   IN      NS      ns1.borgnet.us.
borgnet.us.             38400   IN      NS      ns4.borgnet.us.
borgnet.us.             38400   IN      RRSIG   NS 5 2 38400
20110616215223 20110517215223 6948 borgnet.us.
r04JZZ687rB7E2s4YbnlNYrhhPr5OMeBaIB0VkuC3kY0AOUQVFrO4EKe
M+N9W7lpknraDdU1/tPONnrdYQ1/kM9UZxblxMYy4+CvNDrR8eJoV3pD
Dc68DnkusziAmzGCYb/LwJM8Bo5qkGc73rJs5DbrvjMrx5SrKXExhrS0
3hmA7/rUI4kw9+ouMmJtuKL/MJGP0Y+b1XP4Uel8s+intQ==

;; ADDITIONAL SECTION:
ns1.borgnet.us.         38400   IN      A       71.32.15.200
ns1.borgnet.us.         38400   IN      AAAA    2001:470:1f00:3480::1
ns2.borgnet.us.         38400   IN      A       71.32.15.197
ns2.borgnet.us.         38400   IN      AAAA    2001:5c0:92e8::1
ns3.borgnet.us.         38400   IN      A       71.32.15.193
ns3.borgnet.us.         38400   IN      AAAA    2001:470:1f01:232::1
ns4.borgnet.us.         38400   IN      A       139.142.45.165
ns1.borgnet.us.         38400   IN      RRSIG   A 5 3 38400
20110616215223 20110517215223 6948 borgnet.us.
Jjawi5B0MqUgX8zvChiFcE9oO7qF4kkrQ/8k0SWv6Q9xb2Y4b3R52xbb
zRh8HeL5OaRBMs1ljxGEH9byrS9wjf0boXpVeXSM4sapEwMKIY97+uCE
5UJAQzgOnYhbC4sa9rQOm3c3u4rcOhdox2A5HUeWYYbNM4ZC+pJuPbfu
XKta45g8fybX9MH79coX/3GWa9SSMCloFBs54W3UUbz37Q==
ns1.borgnet.us.         38400   IN      RRSIG   AAAA 5 3 38400
20110616215223 20110517215223 6948 borgnet.us.
Wiu/5NNYMszl9vQAYuDK33xLoj0dpVpZDblsdrdA1QOah1W6sMaJwTop
0Sng04lqrALL0Thi1TQuQCqYJo/ZNiRrpCoYIRuY8RcuqZYDdJPfXvnF
MScZruz80x8p18F+ye1bkJkloAtk7zZBziWfUKn0kAcFGRHPO4Njt3na
sBW/HqGWsIs2eR5+8f01Zhjv1FdiEXjWQxWwwRs8jkD9WA==
ns2.borgnet.us.         38400   IN      RRSIG   A 5 3 38400
20110616215223 20110517215223 6948 borgnet.us.
jKmYdQkeY/h6XKJob52Bf9uTdZGRIJyKKwLdP3kTvsNrvr9LdWhh2AdD
CTsv3u6WiNHMInrPvI4upIhFntJOyUXNZ4S2g74orp3aGEi0LH79txKQ
hRVod4V86B+gcFrIMZ+6Kd+MT/szTWuFx+QdmEdJV1LQKRvH4BUdt27f
PMbWt9XaTFo6+tvjgR5WQ4JiQi7WQKHhCJx1wzsf0Wxd7A==
ns2.borgnet.us.         38400   IN      RRSIG   AAAA 5 3 38400
20110616215223 20110517215223 6948 borgnet.us.
aVUYaNWMiTVc/SOmzSKuIvR4hl/aZgvRE0ifSUpFYuJM126HvAPbbhWg
rMCbtOR9YdZhFP7gsiPNXUZr0w17CvgmGG9nbiX72WhyTuA6/fohrBRB
QyBmOReXqkAXgMRhpWefqnl3cHe+xGXsHb6SDy82CACANrkprqliPy7t
EBefOXEo1sg2MPzH54qL3+RjICCYztBI8JgqZDApvy+UAg==
ns3.borgnet.us.         38400   IN      RRSIG   A 5 3 38400
20110616215223 20110517215223 6948 borgnet.us.
Slt2hcJNM0mWQScGBiwtuChuyvbLcIkHGVPlEZyjmPnVXB9uxDbmLDw7
U5jkgOxKW/iiPs1gIv65zJbJK4zZd4xmAfQ/9ucQUcM1ZMQHORa70npA
HgZIHJpXBlfv01HegrSZJAl9EFkiZ/NxWKWeJf+c5rASQkRVup7iuYto
6233pWPsX0KP0bAeoBnzZlEt7K5VEsG2ancqkBfAvUhZUg==
ns3.borgnet.us.         38400   IN      RRSIG   AAAA 5 3 38400
20110616215223 20110517215223 6948 borgnet.us.
ZMXGi+Ol2/tTMwtI2v6p20h1KUhxRmqVRugTW62J/mdaW39IKqQUGxVJ
TtiNKYAYRb7+SAUBVXJjaUzDMdF4yYrkRI0VvPmGtErmSzhe4nn1F2aS
sAmziMZETwPzCM3l5jwnblqioNJhYgB7tFpAVy5lJh9JmYqBqpHRBQWR
b4icpkAW48zETdoOP+fBxwTd2YETYnzlb/MY5gN4D6C4zg==
ns4.borgnet.us.         38400   IN      RRSIG   A 5 3 38400
20110616215223 20110517215223 6948 borgnet.us.
Wd51LW+nUD1wDjYgx3Vswdj9WOJVW29KdvAUO9swZPQf4rg1QBJ1DpTx
zH6yEb9DowH7pG1kc8k3uuGxRiZhC4aL6Fb4Sy4jlZGSOmTgEBtBs17L
zeCOGkNQx34sy8FC4FnAXbQRm0H0TYJzv1FFiuFS5f+NOSrj065MYmSP
6Y3vrh0cQrrisOAa7rF/iMacQQlaI5kqiDKJ2/1JF6ZyQQ==

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 23 14:09:43 2011
;; MSG SIZE  rcvd: 2170

Regards,
Scott Grayban

 /"\
 \ /     ASCII RIBBON
  X        FIGHT BREAST CANCER
 / \


Scott Grayban said the following on 05/23/2011 01:57 PM:
> It is registered correctly. I just checked my dnssec registration at
> https://dlv.isc.org/ - see attached screenshot.
>
> Maybe its your server that isn't using the right dnssec server to
> validate the dns records.
>
> Regards,
> Scott Grayban
>
>  /"\
>  \ /     ASCII RIBBON
>   X        FIGHT BREAST CANCER
>  / \
>
>
> Christian Felsing said the following on 05/23/2011 01:36 PM:
>   
>> Seems there is still a servere DNS problem at domain borgnet.us, see
>> dnscheck, dns server with strict configuration and dnssec validation do
>> not resolve your domain.
>> Please consider a review of your dns configuration.
>>
>> .us has dnssec signature, so either register your ksk at your registry,
>> or do not use dnssec records. Same problem may occur to many .de domains
>> if Denic sign .de zone with its offical key.
>>
>> $ dig +dnssec us.
>>
>> ; <<>> DiG 9.7.3 <<>> +dnssec us.
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56365
>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags: do; udp: 4096
>> ;; QUESTION SECTION:
>> ;us.                         IN      A
>>
>> ;; AUTHORITY SECTION:
>> us.                  900     IN      SOA     a.cctld.us. 
>> hostmaster.neustar.biz. 2005948660 900 900
>> 604800 86400
>> us.                  900     IN      RRSIG   SOA 5 1 900 20110622203440 
>> 20110523193440 22622 us.
>> F4TJlUKrv5MZjcD1cHqf+1WhaIgdfNTdukRIpgeVIPOIoJPFB+8XbZog
>> d1Ry5pnKkBVUaxm/c7prAbdqpxlKKSSamVYgKjS5QqjEdSAKm/fuE0MW
>> 5Vn8D5sHEz6Q63b4IwSFEGVdUV7KyQwpU8Q88/kietjlN2JSbcxYZtWm htM=
>> us.                  900     IN      RRSIG   NSEC 5 1 86400 20110612115700 
>> 20110513115013 22622
>> us. idJC7rxrfogF5rnTrmrz/TBFnP5MAjoC7agdE4lhuMPWDDNlXhT/uDm/
>> +4094m0lPXJSDjNWOiI8VySNAW1karuPZ9B8TQGqx/Pn8H8UCSYPKCm/
>> Iyofiajb3G+2paZTjTTwW6t2TWkGaajz4MvUX04m0CP01F57h+5bG9qy clg=
>> us.                  900     IN      NSEC    0-.us. NS SOA RRSIG NSEC DNSKEY 
>> TYPE65534
>>
>> ;; Query time: 8 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon May 23 22:35:09 2011
>> ;; MSG SIZE  rcvd: 483
>>
>> $ dig +dnssec borgnet.us.
>>
>> ; <<>> DiG 9.7.3 <<>> +dnssec borgnet.us.
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12514
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags: do; udp: 4096
>> ;; QUESTION SECTION:
>> ;borgnet.us.                 IN      A
>>
>> ;; Query time: 1825 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon May 23 22:35:22 2011
>> ;; MSG SIZE  rcvd: 39
>>
>> $
>>
>> Regards
>> Christian Felsing
>>
>> Am 23.05.2011 22:15, schrieb Scott Grayban:
>>   
>>     
>>> So only the master/top peer servers shows ? Or does the pool rotate
>>> every 15 levels ?
>>>
>>> At least yours is showing up in the "Servers currently not in the pool"
>>> were as mine doesn't show up in either list.
>>>
>>> Regards,
>>> Scott Grayban
>>>
>>>  /"\
>>>  \ /     ASCII RIBBON
>>>   X        FIGHT BREAST CANCER
>>>  / \
>>>
>>>
>>> Christian Felsing said the following on 05/23/2011 12:38 PM:
>>>     
>>>       
>>>> Kristian (author of status tool) advised my to look at
>>>> http://code.google.com/p/sks-keyservers-pool/source/browse/trunk/sks-keyservers.net/status-srv/sks.inc.php#104
>>>> which shows a limitation of a recursion depth of 15. Server is scanned
>>>> but funtion returns always false, so server is not added to list.
>>>>
>>>> So don't care about that...
>>>>
>>>> Christian
>>>>
>>>> Am 23.05.2011 18:17, schrieb Scott Grayban:
>>>>   
>>>>       
>>>>         
>>>>> My server does not show up either.
>>>>>     
>>>>>         
>>>>>           
>>>>   
>>>>       
>>>>         
>>> _______________________________________________
>>> Sks-devel mailing list
>>> address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>     
>>>       
>>   
>>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]