Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?

To: debian-devel@lists.debian.org
Subject: Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 18 Dec 2010 21:41:43 +0100
Message-id: <[🔎] 87fwtuizjs.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20101214212503.GC22461@jumper.schlittermann.de> (Heiko Schlittermann's message of "Tue, 14 Dec 2010 22:25:03 +0100")
References: <[🔎] 20101214131844.GL22461@jumper.schlittermann.de> <[🔎] 20101214174249.GI30157@anguilla.noreply.org> <[🔎] 20101214192547.GT22461@jumper.schlittermann.de> <[🔎] 20101214193146.GM30157@anguilla.noreply.org> <[🔎] 20101214194047.GV22461@jumper.schlittermann.de> <[🔎] 20101214202935.GX22461@jumper.schlittermann.de> <[🔎] 20101214212503.GC22461@jumper.schlittermann.de>

* Heiko Schlittermann:

> Could this somehow trigger this (unexpected) behaviour of a failing
> validation? But why does it work for somebody (anybody?) else using this
> version of bind? (output of the CHAOS version.bind query: "9.6-ESV-R3")

Obviously, it works for me, in quite a similar setup (consumer
Internet from Deutsche Telekom, among other things).

Can you show us the output from:

  dig +cd +dnssec ftp.debian.org DS
  dig +cd +dnssec ftp.debian.org DNSKEY
  dig +cd +dnssec ftp.debian.org A
  dig +cd +dnssec debian.org DNSKEY

?  I suspect you've got problems validating the ftp.debian.org DNSKEY
RRset for some reason.

Reply to:

Follow-Ups:
- Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
  - From: Heiko Schlittermann <hs@schlittermann.de>
- Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
  - From: Heiko Schlittermann <hs@schlittermann.de>

References:
- Anybody else having problems w/ DNSSEC and ftp.debian.org?
  - From: Heiko Schlittermann <hs@schlittermann.de>
- Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
  - From: Peter Palfrader <weasel@debian.org>
- Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
  - From: Heiko Schlittermann <hs@schlittermann.de>
- Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
  - From: Peter Palfrader <weasel@debian.org>
- Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
  - From: Heiko Schlittermann <hs@schlittermann.de>
- Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
  - From: Heiko Schlittermann <hs@schlittermann.de>
- Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
  - From: Heiko Schlittermann <hs@schlittermann.de>

Prev by Date: Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Next by Date: Bug#607477: ITP: sonic -- Simple utility to speed up or slow down speech
Previous by thread: Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
Next by thread: Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
Index(es):
- Date
- Thread