[Opendnssec-user] Zone not properly signed

Tue Jul 19 14:45:57 UTC 2016

Hello,

I'd like to see your key list (running 'ods-ksmutil key list -v --all').
If the chain is still broken, the tmp and signed files might be helpful. If it is possible please send me those files.

Regards,
Hoda Rohani

On 19-07-16 16:06, Volker Janzen wrote:
> Hi Jan-Piet,
> 
> I have not saved the old tmp entry, I forgot about that. :-(
> 
> But according to http://dnssec-debugger.verisignlabs.com/voja.de my live zone is still broken with the same error and available for further debugging.
> 
> The current signed file just have one NSEC3PARAM:
> 
> grep NSEC3PARAM voja.de
> voja.de.        0       IN      NSEC3PARAM      1 0 5 843d90aeda8e8d67 
> voja.de.        0       IN      RRSIG   NSEC3PARAM 8 2 0 20160802230408 20160719114534 53815 voja.de. cr34VLnEyYqrXwhRQkTTeOeiLRc6I7iQh50egme4XYyyXCtuj+paFHX7V834TAVZj05hA7Q82kl7RDfC5XGnvq6hkqexabNSNpwCNVKgAjpoAOBCtaY35iKNENzlic8MVkoasIj0I/eEg2bFwAhmy/gx0hmK3qwbcG5Nx3NUOvs=
> 29f0g0hr67r1rqj4jju7q2ibolhavrfv.voja.de.       3600    IN      NSEC3   1 0 5 843d90aeda8e8d67  2t4icqlvbd9n0keb8onuohhtcuemfrfu A NS SOA MX AAAA SSHFP RRSIG DNSKEY NSEC3PARAM 
> 
> 
> Regards
>     Volker
> 
> 
> Am 19.07.2016 um 15:52 schrieb Jan-Piet Mens <jpmens.dns at gmail.com>:
> 
>>> What steps can I do to find out what might have gone wrong?
>>
>> I hope you still have the intermediate (tmp/) and signed files? Check whether you have more than 1 NSEC3PARAM records in the output. I've frequently been bitten by that .
>>
>>    -JP
>> _______________________________________________
>> Opendnssec-user mailing list
>> Opendnssec-user at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>>
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> 