-
Type:
Support
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: OpenDNSSEC 1.4.2
-
Fix Version/s: None
-
Component/s: Distribution
-
Labels:None
-
Environment:
We have a Server with SLES 11, and OpenDNSSEC system and LunaHSM.
Hi.
We have experimented some problems with records no dnssec. With some resolver's servers with dnssec enabled, the searches over some domains without dnssec, responded with servfail error.
In the study we detected some NSEC3 signature performed in the past month/year: 12/30/2017, and we didn't find the reason for this signature problems. In the log's servers don't appear any error in that date. We don't know if that signature is incorrect. What can i validated that signature?
. 86400 IN RRSIG NSEC3 8 2 86400 20180113085319 20171230015444 36970 es. TPNwJ8NbTpXeJRcHvXy/Ma2cLaQ9cVDrMBrvYgAoj4Oo6kzY aLUB9T338K6ryPVWh4O0IOtRko5SdvheXLI6Flu+E/7+zaRG2WS1l5SSM1h6e/KLP/s/hy3elDds65n8JOQp9mK7NKco4KShINwS/4aNIXZmF3n/J1fjMwcbA/M=
I attach some details generated in the dnsviz application web. And I need to determine why the signature is considered invalid.. is it originated for the year change?
