
[public-dns-discuss] Re: DNSSEC validation failure



http://dnsviz.net/d/gem-x.ru/dnssec/ shows that your DS and DNSKEYs match. The problem seems to be that there are no RRSIG records being returned for queries to your domain, presumably because your DNS provider does not support DNSSEC properly (or at all).

You need either to remove the DS records (you can also remove the DNSKEYs as they serve no purpose in that case) for your domain, or find a DNS provider who supports DNSSEC.

$ dig +dnssec +nocrypto DNSKEY gem-x.ru @ns1.firstvds.ru

; <<>> DiG 9.12.0 <<>> +dnssec +nocrypto DNSKEY gem-x.ru @ns1.firstvds.ru
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49722
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;gem-x.ru. IN DNSKEY

;; ANSWER SECTION:
gem-x.ru. 3600 IN DNSKEY 256 3 8 [key id = 55443]
gem-x.ru. 3600 IN DNSKEY 257 3 8 [key id = 39310]
gem-x.ru. 3600 IN DNSKEY 257 3 8 [key id = 62059]

;; Query time: 129 msec
;; SERVER: 82.146.43.2#53(82.146.43.2)
;; WHEN: Mon Jan 21 17:12:55 EST 2019
;; MSG SIZE  rcvd: 737
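
The condition this reply diagnoses (the query set the DO bit and DNSKEYs come back, but no RRSIG covers them), as an added example that is not part of the original message: it parses saved dig text output offline. The first sample is the relevant part of the dig output above; the second is constructed for comparison, and the function names are hypothetical.

```python
import re

# Relevant lines copied from the dig output in the message above.
PAGE_OUTPUT = """\
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;gem-x.ru. IN DNSKEY

;; ANSWER SECTION:
gem-x.ru. 3600 IN DNSKEY 256 3 8 [key id = 55443]
gem-x.ru. 3600 IN DNSKEY 257 3 8 [key id = 39310]
gem-x.ru. 3600 IN DNSKEY 257 3 8 [key id = 62059]

;; Query time: 129 msec
"""

# Constructed for comparison: the same answer plus an RRSIG covering DNSKEY
# (timestamps and signer key tag are sample values, not real data).
SIGNED_OUTPUT = PAGE_OUTPUT.replace(
    "\n\n;; Query time",
    "\ngem-x.ru. 3600 IN RRSIG DNSKEY 8 2 3600 20190220000000 "
    "20190121000000 39310 gem-x.ru. [omitted]\n\n;; Query time")

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")

def do_bit_set(text):
    """True if the EDNS line shows the DO flag (dig was run with +dnssec)."""
    m = re.search(r"^; EDNS:.*flags:([^;]*);", text, re.M)
    return bool(m) and "do" in m.group(1).split()

def answer_records(text):
    """Return (owner, type, rdata) for each record in the ANSWER section."""
    records, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; "):  # section header or trailer line
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        m = RR.match(line) if in_answer else None
        if m:
            records.append((m.group(1).lower(), m.group(3), m.group(4)))
    return records

def unsigned_rrsets(text):
    """RRsets in the answer with no RRSIG covering them, despite DO being set."""
    if not do_bit_set(text):
        raise ValueError("query did not set DO; rerun dig with +dnssec")
    recs = answer_records(text)
    # The first rdata field of an RRSIG is the type it covers.
    covered = {(n, rd.split()[0]) for n, t, rd in recs if t == "RRSIG"}
    return sorted({(n, t) for n, t, _ in recs if t != "RRSIG"} - covered)
```

A non-empty result for a zone that has a DS record at the parent is the failure described in this message: validating resolvers expect signatures and the authoritative server does not supply them.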

