[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?

* Heiko Schlittermann:

> Could this somehow trigger this (unexpected) behaviour of a failing
> validation? But why does it work for somebody (anybody?) else using this
> version of bind? (output of the CHAOS version.bind query: "9.6-ESV-R3")

Obviously, it works for me, in quite a similar setup (consumer
Internet from Deutsche Telekom, among other things).

Can you show us the output from:

  dig +cd +dnssec ftp.debian.org DS
  dig +cd +dnssec ftp.debian.org DNSKEY
  dig +cd +dnssec ftp.debian.org A
  dig +cd +dnssec debian.org DNSKEY

?  I suspect you've got problems validating the ftp.debian.org DNSKEY
RRset for some reason.

Reply to: