So many useful tips, thank you all. gu.edu is, luckily, a test domain, and not production. I had enabled DNSSec in our F5 GTM front ending DNS, and forgot about it. Seems I have to learn that after a while keys are rolled over and I need to do some work about it.... It makes DNSsec easy, but not that easy....
Thanks, Mohamed. On Wed, Jul 2, 2014 at 7:46 AM, Stephane Bortzmeyer <[email protected]> wrote: > On Wed, Jul 02, 2014 at 12:08:36PM +0100, > Tony Finch <[email protected]> wrote > a message of 25 lines which said: > > > Your DS record doesn't match your DNSKEY records. > > The OP could also use the excellent DNSviz: > > http://dnsviz.net/d/gu.edu/U7Pp0g/dnssec/ > > which rightly says: > > gu.edu/DNSKEY:DS RRs exist for algorithm(s) 7 in the edu zone, but no > matching DNSKEYs of algorithm(s) 7 were used to sign the gu.edu DNSKEY > RRset. >
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
