Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
* Heiko Schlittermann:
> Could this somehow trigger this (unexpected) behaviour of a failing
> validation? But why does it work for somebody (anybody?) else using this
> version of bind? (output of the CHAOS version.bind query: "9.6-ESV-R3")
Obviously, it works for me, in quite a similar setup (consumer
Internet from Deutsche Telekom, among other things).
Can you show us the output from:
dig +cd +dnssec ftp.debian.org DS
dig +cd +dnssec ftp.debian.org DNSKEY
dig +cd +dnssec ftp.debian.org A
dig +cd +dnssec debian.org DNSKEY
? I suspect you've got problems validating the ftp.debian.org DNSKEY
RRset for some reason.