[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] key.ip6.li status
From: |
Scott Grayban |
Subject: |
Re: [Sks-devel] key.ip6.li status |
Date: |
Mon, 23 May 2011 14:45:56 -0700 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.23) Gecko/20090812 Lightning/0.9.4-Inverse Thunderbird/2.0.0.23 Mnenhy/0.7.5.0 |
And you can also check my domain at
http://secspider.cs.ucla.edu/borgnet-us--zone.html which also says its
valid.
I have no idea how you got your bind setup but its obviously not correct.
Regards,
Scott Grayban
/"\
\ / ASCII RIBBON
X FIGHT BREAST CANCER
/ \
Scott Grayban said the following on 05/23/2011 01:57 PM:
> It is registered correctly. I just checked my dnssec registration at
> https://dlv.isc.org/ - see attached screenshot.
>
> Maybe its your server that isn't using the right dnssec server to
> validate the dns records.
>
> Regards,
> Scott Grayban
>
> /"\
> \ / ASCII RIBBON
> X FIGHT BREAST CANCER
> / \
>
>
> Christian Felsing said the following on 05/23/2011 01:36 PM:
>
>> Seems there is still a servere DNS problem at domain borgnet.us, see
>> dnscheck, dns server with strict configuration and dnssec validation do
>> not resolve your domain.
>> Please consider a review of your dns configuration.
>>
>> .us has dnssec signature, so either register your ksk at your registry,
>> or do not use dnssec records. Same problem may occur to many .de domains
>> if Denic sign .de zone with its offical key.
>>
>> $ dig +dnssec us.
>>
>> ; <<>> DiG 9.7.3 <<>> +dnssec us.
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56365
>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags: do; udp: 4096
>> ;; QUESTION SECTION:
>> ;us. IN A
>>
>> ;; AUTHORITY SECTION:
>> us. 900 IN SOA a.cctld.us.
>> hostmaster.neustar.biz. 2005948660 900 900
>> 604800 86400
>> us. 900 IN RRSIG SOA 5 1 900 20110622203440
>> 20110523193440 22622 us.
>> F4TJlUKrv5MZjcD1cHqf+1WhaIgdfNTdukRIpgeVIPOIoJPFB+8XbZog
>> d1Ry5pnKkBVUaxm/c7prAbdqpxlKKSSamVYgKjS5QqjEdSAKm/fuE0MW
>> 5Vn8D5sHEz6Q63b4IwSFEGVdUV7KyQwpU8Q88/kietjlN2JSbcxYZtWm htM=
>> us. 900 IN RRSIG NSEC 5 1 86400 20110612115700
>> 20110513115013 22622
>> us. idJC7rxrfogF5rnTrmrz/TBFnP5MAjoC7agdE4lhuMPWDDNlXhT/uDm/
>> +4094m0lPXJSDjNWOiI8VySNAW1karuPZ9B8TQGqx/Pn8H8UCSYPKCm/
>> Iyofiajb3G+2paZTjTTwW6t2TWkGaajz4MvUX04m0CP01F57h+5bG9qy clg=
>> us. 900 IN NSEC 0-.us. NS SOA RRSIG NSEC DNSKEY
>> TYPE65534
>>
>> ;; Query time: 8 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon May 23 22:35:09 2011
>> ;; MSG SIZE rcvd: 483
>>
>> $ dig +dnssec borgnet.us.
>>
>> ; <<>> DiG 9.7.3 <<>> +dnssec borgnet.us.
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12514
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags: do; udp: 4096
>> ;; QUESTION SECTION:
>> ;borgnet.us. IN A
>>
>> ;; Query time: 1825 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon May 23 22:35:22 2011
>> ;; MSG SIZE rcvd: 39
>>
>> $
>>
>> Regards
>> Christian Felsing
>>
>> Am 23.05.2011 22:15, schrieb Scott Grayban:
>>
>>
>>> So only the master/top peer servers shows ? Or does the pool rotate
>>> every 15 levels ?
>>>
>>> At least yours is showing up in the "Servers currently not in the pool"
>>> were as mine doesn't show up in either list.
>>>
>>> Regards,
>>> Scott Grayban
>>>
>>> /"\
>>> \ / ASCII RIBBON
>>> X FIGHT BREAST CANCER
>>> / \
>>>
>>>
>>> Christian Felsing said the following on 05/23/2011 12:38 PM:
>>>
>>>
>>>> Kristian (author of status tool) advised my to look at
>>>> http://code.google.com/p/sks-keyservers-pool/source/browse/trunk/sks-keyservers.net/status-srv/sks.inc.php#104
>>>> which shows a limitation of a recursion depth of 15. Server is scanned
>>>> but funtion returns always false, so server is not added to list.
>>>>
>>>> So don't care about that...
>>>>
>>>> Christian
>>>>
>>>> Am 23.05.2011 18:17, schrieb Scott Grayban:
>>>>
>>>>
>>>>
>>>>> My server does not show up either.
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>> _______________________________________________
>>> Sks-devel mailing list
>>> address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>
>>>
>>
>>
- Re: [Sks-devel] key.ip6.li status, (continued)
- Re: [Sks-devel] key.ip6.li status, Scott Grayban, 2011/05/24
- [Sks-devel] Peering opportunity! (Re: key.ip6.li status), Hauke Lampe, 2011/05/27
- Re: [Sks-devel] Peering opportunity! (Re: key.ip6.li status), Dimitar Ianakiev, 2011/05/27
- Re: [Sks-devel] Peering opportunity! (Re: key.ip6.li status), Andrey Korobkov, 2011/05/28
- Re: [Sks-devel] Peering opportunity! (Re: key.ip6.li status), Sorcier FXK, 2011/05/28
- Re: [Sks-devel] Peering opportunity! (Re: key.ip6.li status), Christian Felsing, 2011/05/28
- Message not available
- Re: [Sks-devel] key.ip6.li status, Scott Grayban, 2011/05/24
- Re: [Sks-devel] key.ip6.li status, Scott Grayban, 2011/05/23
- Re: [Sks-devel] key.ip6.li status, Christian Felsing, 2011/05/23
- Re: [Sks-devel] key.ip6.li status, Scott Grayban, 2011/05/23
- Re: [Sks-devel] key.ip6.li status,
Scott Grayban <=
Re: [Sks-devel] key.ip6.li status, Arnold, 2011/05/23