Re: Testing KASP, CDS, and .ch

2021-04-10 Thread Jim Popovitch via bind-users
On Sat, 2021-04-10 at 13:18 +0200, Oli Schacher wrote: > Hi Jim > let me give you a bit more info > > > On April 9, 2021 8:23:48 PM UTC, Hugo Salgado wrote: > > > Switch has a website to test the CDS processing for .ch: > > > https://www.nic.ch/security/cds/ > > > > > > for domainmail.ch it

Re: Testing KASP, CDS, and .ch

2021-04-10 Thread Oli Schacher
Hi Jim let me give you a bit more info On April 9, 2021 8:23:48 PM UTC, Hugo Salgado wrote: Switch has a website to test the CDS processing for .ch: https://www.nic.ch/security/cds/ for domainmail.ch it says "The CDS configuration of the domain name domainmail.ch will not be processed. [

RE: Testing KASP, CDS, and .ch

2021-04-09 Thread Jim Popovitch via bind-users
On April 9, 2021 8:21:33 PM UTC, "John W. Blue via bind-users" wrote: >Sorry .. clicked send too soon. > >Found this via google: > >https://docs.gandi.net/en/domain_names/advanced_users/dnssec.html > >"You can not add DS keys as we compute it for you with the KSK or ZSK, then we >send it to the

Re: Testing KASP, CDS, and .ch

2021-04-09 Thread Jim Popovitch via bind-users
On April 9, 2021 8:23:48 PM UTC, Hugo Salgado wrote: >Switch has a website to test the CDS processing for .ch: > https://www.nic.ch/security/cds/ > >for domainmail.ch it says "The CDS configuration of the domain name >domainmail.ch will not be processed. >[ ... ] >The DNS query returned: "Server

Re: Testing KASP, CDS, and .ch

2021-04-09 Thread Hugo Salgado
Switch has a website to test the CDS processing for .ch: https://www.nic.ch/security/cds/ for domainmail.ch it says "The CDS configuration of the domain name domainmail.ch will not be processed. [ ... ] The DNS query returned: "Server failed to complete the DNS request". " You should check the

RE: Testing KASP, CDS, and .ch

2021-04-09 Thread John W. Blue via bind-users
M To: bind-users@lists.isc.org Subject: Re: Testing KASP, CDS, and .ch On Fri, 2021-04-09 at 19:05 +, John W. Blue via bind-users wrote: > So the issue here is that the DS record that sit in .ch has an ID of 22048 > but the domainmail.ch servers are telling the world that the correc

RE: Testing KASP, CDS, and .ch

2021-04-09 Thread John W. Blue via bind-users
then DNSSEC will be validated. John -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jim Popovitch via bind-users Sent: Friday, April 09, 2021 2:12 PM To: bind-users@lists.isc.org Subject: Re: Testing KASP, CDS, and .ch On Fri, 2021-04-09 at 19:05

Re: Testing KASP, CDS, and .ch

2021-04-09 Thread Jim Popovitch via bind-users
On Fri, 2021-04-09 at 19:05 +, John W. Blue via bind-users wrote: > So the issue here is that the DS record that sit in .ch has an ID of 22048 > but the domainmail.ch servers are telling the world that the correct ID is > 17870. > > Thus the DNSSEC breakage. Of course, however there is no

RE: Testing KASP, CDS, and .ch

2021-04-09 Thread John W. Blue via bind-users
Popovitch via bind-users Sent: Friday, April 09, 2021 1:58 PM To: bind-users@lists.isc.org Subject: Testing KASP, CDS, and .ch Hello! I've read the "Schacher 20200622 Support for and adoption of CDS in .ch and .li", and studied https://kb.isc.org/docs/dnssec-key-and-signing-policy, ho

Testing KASP, CDS, and .ch

2021-04-09 Thread Jim Popovitch via bind-users
Hello! I've read the "Schacher 20200622 Support for and adoption of CDS in .ch and .li", and studied https://kb.isc.org/docs/dnssec-key-and-signing-policy, however I've hita brick wall: https://dnsviz.net/d/domainmail.ch/dnssec/ What am I missing? I'm using the following policy and zone