Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe

To: reed%reedmedia.net@localhost
Subject: Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
From: Havard Eidnes <he%NetBSD.org@localhost>
Date: Tue, 24 Mar 2020 10:57:16 +0100 (CET)

> You can also use delv to see named like behaviour:
> delv protonmail.ch
> delv -d 99 protonmail.ch

I think this line for the last one is the problem:

;; validating protonmail.ch/DNSKEY: no DNSKEY matching DS

and, indeed, re-computing the DS record from the protonmail.ch
DNSKEY:

% dig protonmail.ch. dnskey | dnssec-dsfromkey -f - -a sha384 protonmail.ch

results in

protonmail.ch. IN DS 27196 8 4 73D3962080B965B6A3D80AB3097FDA1C561C49FB938C06941D9910DC6B3E21AC0F2C8610BB8F6ADB0279EC726D2C4648

while querying for the protonmail.ch DS record gives

protonmail.ch. IN DS 27196 8 4 E422EE237DE2FE29190F1BDDC0C0E2469679411F329AAB2A7BD8DE43 575C1C6FAB6B9FFC521996E526F4B5D513798D9E

which doesn't match.

Regards,

- Håvard

Follow-Ups:
- Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
  - From: Mike Pumford

References:
- Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
  - From: reed
- Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
  - From: Jarle Greipsland
- Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
  - From: reed

Prev by Date: Re: Terrible system slowness
Next by Date: Terrible system slowness
Previous by Thread: Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
Next by Thread: Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
Indexes:

Home | Main Index | Thread Index | Old Index