1
DNSSEC child domain
Problem reported by Christopher York - May 28, 2014 at 9:24 PM
Known
I have my domain echodreamz.com that is DNSSEC signed, no errors report all works well.
 
I have a child / sub domain test.echodreamz.com that I am also trying to DNSSEC.
 
http://dnssec-debugger.verisignlabs.com/test.echodreamz.com reports an error with the DS key that I cannot figure out.. I signed the root domain and the child domain with the same key.
 
Thanks!

6 Replies

Reply to Thread
0
JH Software Replied
June 4, 2014 at 12:25 PM
Employee Post
When you sign the sub-domain zone, you need to also generate the DS-records to put in the parent zone.
When you right-click the sub-domain zones and select "DNSSEC sign", you will be given an option to "Generate and display a list of DS-record for inclusion in parent zone..."
You need to copy those DS-record to the parent zone - and re-sign the parent zone.
0
Christopher York Replied
June 4, 2014 at 1:05 PM
Yep, done that, however it still shows missing the DS records at the parent zone.
0
Christopher York Replied
June 4, 2014 at 1:05 PM
The DS RRset was not signed by any keys in the chain-of-trust is the error I get.
0
Christopher York Replied
June 13, 2014 at 7:23 PM
Any thoughts or assistance on this would be helpful.
 
Thanks!
0
Christopher York Replied
June 18, 2014 at 1:29 PM
Does anyone have any ideas how to resolve this?
 
Thanks!
0
Christopher York Replied
June 18, 2014 at 2:09 PM
http://dnssec-debugger.verisignlabs.com/test.echodreamz.com
 
Now I get No DS records found in the echodreamz.com zone, even though I've created the test DS record in the echodreamz.com root.

Reply to Thread