22 Dub
2025
22 Dub
'25
17:19
Hi
Your DS in .NET was missing at this point
https://dnsviz.net/d/enfer-du-nord.net/aAeeOQ/dnssec/.
So You did solve it the correct way. (If You do not use autoprovisioning as
described in rfc8078 but i haven't found a way to do that in .NET TLD)
I don't know how or why it was removed though but it is probably something
that happened at Your registrar.
/Leif
On Tue, Apr 22, 2025 at 4:46 PM Michael Grimm via knot-dns-users <
knot-dns-users(a)lists.nic.cz> wrote:
Hi,
this happened to me for the second time, that https://dnsviz.net <
https://dnsviz.net/> tells me:
| enfer-du-nord.net/CDNSKEY: The CDNSKEY RRset must be signed with a key
that is represented in both the
| current DNSKEY and the current DS RRset. See RFC 7344, Sec. 4.1.
| enfer-du-nord.net/CDS: The CDS RRset must be signed with a key that is
represented in both the current
| DNSKEY and the current DS RRset. See RFC 7344, Sec. 4.1.
I do not understand what that means.
#) I haven't modified my KSK for some time now
#) I did notify my parent zone about a modified list of nameservers (via
registrar's web portal)
I am not absolutely sure if the latter is the cause for these error
messages.
I 'fixed' that issue by re-uploading my unmodified KSK DNSKEY (via
registrar's web portal).
Hmm, how can I fix that issue the right way?
Any hints are highly welcome,
Michael
--