SixXS::Sunset 2017-06-06

DNSSEC DLV 2001:06f8:1c00::/40
[de] Shadow Hawkins on Tuesday, 17 November 2009 14:11:06
Hello, from the FAQ I get the impression that the SixXS /40 networks are already registered at dlv.isc.org. I added my DS entries to the DNSSEC subnet configuration, but don't see it working. I started to dig deeper and checked if there is a /40 entry in the dlv.isc.org zone:
~> dig @2001:4f8:3:2bc:1::64:20 c.1.8.f.6.0.1.0.0.2.ip6.arpa.dlv.isc.org dlv ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4744 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;c.1.8.f.6.0.1.0.0.2.ip6.arpa.dlv.isc.org. IN DLV ;; AUTHORITY SECTION: dlv.isc.org. 1101 IN SOA ns-int.isc.org. hostmaster.isc.org. 2009111702 7200 3600 2419200 3600 ;; Query time: 1033 msec ;; SERVER: 2001:4f8:3:2bc:1:0:64:20#53(2001:4f8:3:2bc:1:0:64:20) ;; WHEN: Tue Nov 17 14:02:09 2009 ;; MSG SIZE rcvd: 112
Should I expect a DLV entry for this zone or is there some mistake in my check? Do I need to add my /48 to the DLV registry?
DNSSEC DLV 2001:06f8:1c00::/40
[ch] Jeroen Massar SixXS Staff on Monday, 30 November 2009 11:48:58
Please do post tickets for these kind of problems so that they are properly seen as we do not monitor the forums closely. The problem itself has been resolved:
$ dig @2001:4f8:3:2bc:1::64:20 c.1.8.f.6.0.1.0.0.2.ip6.arpa.dlv.isc.org dlv ; <<>> DiG 9.5.1-P3 <<>> @2001:4f8:3:2bc:1::64:20 c.1.8.f.6.0.1.0.0.2.ip6.arpa.dlv.isc.org dlv ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35740 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: ;c.1.8.f.6.0.1.0.0.2.ip6.arpa.dlv.isc.org. IN DLV ;; ANSWER SECTION: c.1.8.f.6.0.1.0.0.2.ip6.arpa.dlv.isc.org. 3600 IN DLV 33412 5 1 AA7426374FACE6599C69DC688B460A49BCD6B724 c.1.8.f.6.0.1.0.0.2.ip6.arpa.dlv.isc.org. 3600 IN DLV 33412 5 2 C873779F59A2320265E0D9D0F0251F56DB393049364A0954AFF7B038 793C0167 ;; AUTHORITY SECTION: dlv.isc.org. 208 IN NS dlv.ord.sns-pb.isc.org. dlv.isc.org. 208 IN NS ns2.isc.ultradns.net. dlv.isc.org. 208 IN NS ns1.isc.ultradns.net. dlv.isc.org. 208 IN NS dlv.ams.sns-pb.isc.org. dlv.isc.org. 208 IN NS dlv.sfba.sns-pb.isc.org. dlv.isc.org. 208 IN NS ns.isc.afilias-nst.info. ;; Query time: 1167 msec ;; SERVER: 2001:4f8:3:2bc:1:0:64:20#53(2001:4f8:3:2bc:1:0:64:20) ;; WHEN: Mon Nov 30 11:47:09 2009 ;; MSG SIZE rcvd: 305
Also verified that all the other zones are properly in the DLV.
DNSSEC DLV 2001:06f8:1c00::/40
[de] Shadow Hawkins on Monday, 30 November 2009 14:19:41
Thank you for your information and the fix. Now I get valid data (AD flag) for my zone from a validating resolver.

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker