-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Scott Grayban wrote, On 05/23/2011 10:15 PM:
So only the master/top peer servers shows ? Or does the pool rotate
every 15 levels ?
Only servers found within 15 hops of the core servers is added. I
might consider increasing this, but atm the
Ok that makes sense.
Regards,
Scott Grayban
/\
\ / ASCII RIBBON
XFIGHT BREAST CANCER
/ \
Kristian Fiskerstrand said the following on 05/24/2011 10:42 AM:
Scott Grayban wrote, On 05/23/2011 10:15 PM:
So only the master/top peer servers shows ? Or does the pool rotate
every
It is registered correctly. I just checked my dnssec registration at
https://dlv.isc.org/ - see attached screenshot.
Maybe its your server that isn't using the right dnssec server to
validate the dns records.
Regards,
Scott Grayban
/\
\ / ASCII RIBBON
XFIGHT BREAST CANCER
/ \
Hello,
I am not sure if there is a config problem in my SKS, but key.ip6.li is
not listed at http://sks-keyservers.net/status/. My status page looks
like e.g. keyserver.gingerbear.net, status auto update also works every
day at 5 a.m. (CET) (3 a.m. UTC).
In meta for keyserver.gingerbear.net
My server does not show up either.
On May 23, 2011 8:49 AM, Christian Felsing hostmas...@ip6.li wrote:
Hello,
I am not sure if there is a config problem in my SKS, but key.ip6.li is
not listed at http://sks-keyservers.net/status/. My status page looks
like e.g. keyserver.gingerbear.net,
Maybe you don't have the lookaside option set which is still recommended.
File /etc/bind/named.conf.options
options {
..
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside . trust-anchor dlv.isc.org.;
..
};
Running dig on my end answers
And you can also check my domain at
http://secspider.cs.ucla.edu/borgnet-us--zone.html which also says its
valid.
I have no idea how you got your bind setup but its obviously not correct.
Regards,
Scott Grayban
/\
\ / ASCII RIBBON
XFIGHT BREAST CANCER
/ \
Scott Grayban said
Hello Christian,
On 05/23/2011 05:49 PM, Christian Felsing wrote:
I am not sure if there is a config problem in my SKS, but key.ip6.li is
not listed at http://sks-keyservers.net/status/.
Your server is listed in http://sks.spodhuis.org/sks-peers
This has nothing to do with the DNS-pool, but
Don't know what to tell you then. I tested this on 4 other servers and
they all report the correct info, 2 in Germany, 1 in Netherland and the
other in UK and they all report the dnssec keys. As far as my testing
its working correctly.
Regards,
Scott Grayban
/\
\ / ASCII RIBBON
X
