SixXS::Sunset 2017-06-06

Ticket ID: SIXXS #6520942
Ticket Status: Resolved

PoP: ittrn01 - ITgate (Torino)

DLV RR maybe outdated
[it] Shadow Hawkins on Saturday, 25 February 2012 13:33:53
today I tested the dnssec setup again. The DS record is set up correctly this time, but the cheking of the ds entry in the 1.0.8.1.4.1.1.0.0.2.ip6.arpa fails, because the dlv record for this zone is not matching the dnskey of the zone: dig -t dlv 1.0.8.1.4.1.1.0.0.2.ip6.arpa.dlv.isc.org. @2001:4f8:0:2::20 ; <<>> DiG 9.8.0-P2 <<>> -t dlv 1.0.8.1.4.1.1.0.0.2.ip6.arpa.dlv.isc.org. @2001:4f8:0:2::20 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27662 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;1.0.8.1.4.1.1.0.0.2.ip6.arpa.dlv.isc.org. IN DLV ;; ANSWER SECTION: 1.0.8.1.4.1.1.0.0.2.ip6.arpa.dlv.isc.org. 3600 IN DLV 14086 8 1 510F18BB6F182C99FEE418988B610F2A3C5EAD3C 1.0.8.1.4.1.1.0.0.2.ip6.arpa.dlv.isc.org. 3600 IN DLV 14086 8 2 263B8C32E5D4060B81A510DD6B74E612AEFA1C7D49D9FB39828D25EE C60E3075 but according to dnssec-dsfromkey it should be 1.0.8.1.4.1.1.0.0.2.ip6.arpa.dlv.isc.org. IN DLV 22366 8 1 21622EB30D0BEFB86BFE9BEE05CF6A7D3A7BE968 1.0.8.1.4.1.1.0.0.2.ip6.arpa.dlv.isc.org. IN DLV 22366 8 2 24BED6D3F70759F8F0B4FE35AF3C8041D854ED7328D2DE17E18C6448 BF40B522 the DNSKEY with id 14086 is even missing and a key with ID 14214 is revoked, so i guess something with the ZSK rollover went wrong the symptoms now are that for every reverse lookup of any 2001:1418:100::/40 and 2001:1418:200::/40, I get a Server Fail response from my bind server, except my own subnet, because it is authoritative for this zone
DLV RR maybe outdated
[it] Shadow Hawkins on Saturday, 25 February 2012 13:42:19
sorry, i noted that 2.0.8.1.4.1.1.0.0.2.ip6.arpa.dlv.isc.org. is ok, only 1.0.8.1.4.1.1.0.0.2.ip6.arpa.dlv.isc.org. is affected
State change: confirmed Locked
[ch] Jeroen Massar SixXS Staff on Sunday, 26 February 2012 14:24:04
Message is Locked
The state of this ticket has been changed to confirmed
State change: resolved Locked
[ch] Jeroen Massar SixXS Staff on Tuesday, 21 August 2012 00:35:24
Message is Locked
The state of this ticket has been changed to resolved

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker