Hello, I stumbled in my resolver logs over validation failures with hollington.ca (I'm not related to them, it is just a weird case).
In short: bind and unbound fail to validate, Google, dnsviz ( http://dnsviz.net/d/hollington.ca/dnssec/ ) or dnssec-debugger ( http://dnssec-analyzer.verisignlabs.com/hollington.ca ) are fine. More detailed: delv complains with ;; validating hollington.ca/DNSKEY: no DNSKEY matching DS ;; validating hollington.ca/DNSKEY: no valid signature found (DS) which looks quite simple, however the KSK DNSKEY from hollington.ca is part of the DS set. The only notable part of the DS set is that it contains 4 keys, among which is an older (?) with a longer hash. Any idea why / where this fails? Gilles -- Fondation RESTENA - DNS-LU 6, rue Coudenhove-Kalergi L-1359 Luxembourg tel: (+352) 424409 fax: (+352) 422473 _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
