[Opendnssec-user] Denial of existence
Roman Serbski
mefystofel at yahoo.com
Fri Aug 16 09:22:21 UTC 2024
Hello,
OpenDNSSEC 2.1.13 running on FreeBSD 13.3.
Recently, dnsviz.net started reporting the lack of "Denial of existence" DNSSEC option error for all my domains:
ad2h.mydomain.org/A has errors; select the "Denial of existence" DNSSEC option to see them.mydomain.org/CDNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.mydomain.org/CDS has errors; select the "Denial of existence" DNSSEC option to see them.mydomain.org/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.mydomain.org/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
Is this due to TTL commented in my kasp.xml or I miss some other settings?
<Denial> <NSEC3> <!-- <TTL>PT0S</TTL> --> <!-- <OptOut/> --> <Resalt>P100D</Resalt> <Hash> <Algorithm>1</Algorithm> <Iterations>5</Iterations> <Salt length="8"/> </Hash> </NSEC3></Denial>
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20240816/0a15bd71/attachment.htm>
More information about the Opendnssec-user
mailing list