[Dnssec-deployment] dnsviz.net reporting (benign) US signing error
Chris Thompson
cet1 at cam.ac.uk
Wed Dec 1 14:06:12 EST 2010
On Dec 1 2010, I wrote [something mangled, so I'll try again - apologies.
Oh, and by the way, e-mail to hostamster at neustar.biz bounces].
It has been pointed out on the bind-users mailing list - see
https://lists.isc.org/pipermail/bind-users/2010-December/081888.html
- that http://dnsviz.net/d/us/dnssec/ is reporting that the signature on the
DNSKEY RRset for "us" by one of the keys is bad:
| Errors (1)
|
| * RRSIG us/DNSKEY by alg 5, key 27377:
| The signature in the RRSIG is bogus.
That key is a ZSK, so this doesn't actually affect validation (the
signature with the KSK is fine).
Anyone know any more about this? Is dnsviz.net even correct?
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.