Re: [Sks-devel] key.ip6.li status

[Scott Grayban]

It is registered correctly. I just checked my dnssec registration at
https://dlv.isc.org/ - see attached screenshot.

Maybe its your server that isn't using the right dnssec server to
validate the dns records.

Regards,
Scott Grayban

 /"\
 \ /     ASCII RIBBON
  X        FIGHT BREAST CANCER
 / \


Christian Felsing said the following on 05/23/2011 01:36 PM:
> Seems there is still a servere DNS problem at domain borgnet.us, see
> dnscheck, dns server with strict configuration and dnssec validation do
> not resolve your domain.
> Please consider a review of your dns configuration.
>
> .us has dnssec signature, so either register your ksk at your registry,
> or do not use dnssec records. Same problem may occur to many .de domains
> if Denic sign .de zone with its offical key.
>
> $ dig +dnssec us.
>
> ; <<>> DiG 9.7.3 <<>> +dnssec us.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56365
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;us.                          IN      A
>
> ;; AUTHORITY SECTION:
> us.                   900     IN      SOA     a.cctld.us. 
> hostmaster.neustar.biz. 2005948660 900 900
> 604800 86400
> us.                   900     IN      RRSIG   SOA 5 1 900 20110622203440 
> 20110523193440 22622 us.
> F4TJlUKrv5MZjcD1cHqf+1WhaIgdfNTdukRIpgeVIPOIoJPFB+8XbZog
> d1Ry5pnKkBVUaxm/c7prAbdqpxlKKSSamVYgKjS5QqjEdSAKm/fuE0MW
> 5Vn8D5sHEz6Q63b4IwSFEGVdUV7KyQwpU8Q88/kietjlN2JSbcxYZtWm htM=
> us.                   900     IN      RRSIG   NSEC 5 1 86400 20110612115700 
> 20110513115013 22622
> us. idJC7rxrfogF5rnTrmrz/TBFnP5MAjoC7agdE4lhuMPWDDNlXhT/uDm/
> +4094m0lPXJSDjNWOiI8VySNAW1karuPZ9B8TQGqx/Pn8H8UCSYPKCm/
> Iyofiajb3G+2paZTjTTwW6t2TWkGaajz4MvUX04m0CP01F57h+5bG9qy clg=
> us.                   900     IN      NSEC    0-.us. NS SOA RRSIG NSEC DNSKEY 
> TYPE65534
>
> ;; Query time: 8 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon May 23 22:35:09 2011
> ;; MSG SIZE  rcvd: 483
>
> $ dig +dnssec borgnet.us.
>
> ; <<>> DiG 9.7.3 <<>> +dnssec borgnet.us.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12514
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;borgnet.us.                  IN      A
>
> ;; Query time: 1825 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon May 23 22:35:22 2011
> ;; MSG SIZE  rcvd: 39
>
> $
>
> Regards
> Christian Felsing
>
> Am 23.05.2011 22:15, schrieb Scott Grayban:
>   
>> So only the master/top peer servers shows ? Or does the pool rotate
>> every 15 levels ?
>>
>> At least yours is showing up in the "Servers currently not in the pool"
>> were as mine doesn't show up in either list.
>>
>> Regards,
>> Scott Grayban
>>
>>  /"\
>>  \ /     ASCII RIBBON
>>   X        FIGHT BREAST CANCER
>>  / \
>>
>>
>> Christian Felsing said the following on 05/23/2011 12:38 PM:
>>     
>>> Kristian (author of status tool) advised my to look at
>>> http://code.google.com/p/sks-keyservers-pool/source/browse/trunk/sks-keyservers.net/status-srv/sks.inc.php#104
>>> which shows a limitation of a recursion depth of 15. Server is scanned
>>> but funtion returns always false, so server is not added to list.
>>>
>>> So don't care about that...
>>>
>>> Christian
>>>
>>> Am 23.05.2011 18:17, schrieb Scott Grayban:
>>>   
>>>       
>>>> My server does not show up either.
>>>>     
>>>>         
>>>   
>>>       
>> _______________________________________________
>> Sks-devel mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>     
>
>

dnssec.png
Description: PNG image