Open permezel opened 8 years ago
Re-attempted to prove it, so new data. dig immediately returns updated.
\@.zepherin.com. 300 IN TXT "keybase-site-verification=Baocp0IzrueesCAtq7Za8BB4bDmD3_T11yL6xBGhIYo"
I suspect you are confused by:
$ dig -t TXT -q zepherin.com
...
zepherin.com. 300 IN TXT "v=spf1 include:_spf.google.com ip6:2406:c500:ffef::/48 ip4:165.228.121.63 ~all"
As far as I know Keybase will not verify a TXT entry that isn't located at @ or _keybase.@. So it's not really that Keybase is getting hung up, it's just technically in the wrong record;
zepherin.com. 300 IN TXT "keybase-site-verification=3zxC8wX4BLYRljecwhuUAUieO2EprG9p6qBrfsIw8VY"
or
_keybase.zepherin.com. 300 IN TXT "keybase-site-verification=3zxC8wX4BLYRljecwhuUAUieO2EprG9p6qBrfsIw8VY"
I did locate it at ‘@‘. Well, ‘@.zepherin.com’, as Route 53 appends the .zepherin.com
Dig reports it as ‘\@.zepherin.com’. Hopefully you can see this embedded image:
This shows the Route 53 management console entry for the record.
I will add a _keybase.zepherin.com one also.
On 29 Jul 2016, at 14:52, Zach Queal notifications@github.com wrote:
As far as I know Keybase will not verify a TXT entry that isn't located at @ or _keybase.@. So it's not really that Keybase is getting hung up, it's just technically in the wrong record;
zepherin.com. 300 IN TXT "keybase-site-verification=3zxC8wX4BLYRljecwhuUAUieO2EprG9p6qBrfsIw8VY"
or
_keybase.zepherin.com. 300 IN TXT "keybase-site-verification=3zxC8wX4BLYRljecwhuUAUieO2EprG9p6qBrfsIw8VY"
Well, ‘@.zepherin.com’, as Route 53 appends the .zepherin.com
Didn't know that, thanks!
I actually can't see the image for whatever reason. Regardless, if you put it at _keybase.@ there should be no reason why it would fail--but then again there's no reason why it should fail at the apex, either. The only other explanation is that it's just taking a while for DNS to propagate.
This seemed to do it. You should amend the proof screens so that this option is presented. I was only told to supply ‘@‘ if required, not ‘_keybase’.
On 29 Jul 2016, at 14:59, Damon Permezel dap@zepherin.com wrote:
I will add a _keybase.zepherin.com one also.
I'm also in Route53 and created a @.mydomain.com. record, as that's what it seemed to suggest that I need to do.
In short, what is the actual solution here? What record do I need to create to have Keybase correctly validate my DNS name?
My record looks like this in Route53 API syntax:
{
  "Name": "@.mydomain.com.",
  "Type": "TXT",
  "TTL": "86400",
  "ResourceRecords": [
    "\"keybase-site-verification=verification_string\""
  ]
}
What am I supposed to use as my record name here?
Oh, it looks like you used a literal @. "@" is used here as a synonym for the domain name itself. So the TXT record goes on the root domain name.
@cjb Why wouldn't I have used a literal @? That's precisely what the DNS walkthrough described :unamused:
I have no idea where this notion of _keybase.mydomain.com. or just putting it on the root record comes from. Cannot find the source code for this website, so I can't submit a PR on the documentation, but it does instruct us to shove the TXT record at @.
You're right, it says:
"If you need a "name" for your entry, give it @."
It's supposed to go on the root of the domain, and most DNS software (but apparently not yours) uses @ to refer to the root of the domain. We'll look into getting better instructions.
Awesome, thanks @cjb. So I can create a TXT record for _keybase.mydomain.com. and that'll work? Please note that Route53 also forces us to enclose our TXT records in quotes:
$ dig +short '\@.mydomain.com' TXT
"keybase-site-verification=verification_key"
Alternatively I can just stick that TXT record on the root of my domain, right?
Yes, I expect that'll work. If it's possible for one host to have multiple TXT records, then I'd also expect adding a second TXT record on your root to work, too.
@cjb so the current language says:
Please enter the following as a TXT entry in your DNS zone, exactly as it appears. If you need a "name" for your entry, give it @.
Seeing as my DNS implementation knowledge is a bit rusty, I just did what it said :blush:
Hi,
I'm having trouble trying to verify my dns, I have two TXT records and Keybase seems to not be able to recognize the keybase entry, here is what dig says:
dig +short 'pischedda.info' TXT
"v=spf1 redirect=_spf.yandex.net"
"keybase-site-verification=[MY-KEY]"
what am I doing wrong?
Here's what dig says for me:
dig piaschedda.info txt
; <<>> DiG 9.8.3-P1 <<>> piaschedda.info txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63221
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;piaschedda.info. IN TXT
;; AUTHORITY SECTION:
info. 894 IN SOA a0.info.afilias-nst.info. noc.afilias-nst.info. 2011527557 3600 1800 604800 3600
;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Sep 15 10:44:07 2016
;; MSG SIZE rcvd: 93
@maxtaco you misspelled the domain name, it is pischedda.info not piaschedda.info :)
here is the result of the dig command:
$ dig -t TXT -q pischedda.info
; <<>> DiG 9.8.3-P1 <<>> -t TXT -q pischedda.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61216
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;pischedda.info. IN TXT
;; ANSWER SECTION:
pischedda.info. 1791 IN TXT "keybase-site-verification=MY-KEY"
pischedda.info. 1791 IN TXT "v=spf1 redirect=_spf.yandex.net"
;; Query time: 46 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Sep 15 16:53:45 2016
;; MSG SIZE rcvd: 158
Ahem, you misspelled the domain name first:
keybase id fpischedda@github
▶ INFO Identifying fpischedda
✔ public key fingerprint: AB96 944B 2108 1B09 8BCA DA5D C959 4B1F B6F1 BDF2
✔ "minasss" on hackernews: https://news.ycombinator.com/user?id=minasss [cached 2016-09-15 10:43:46 EDT]
✔ "minasss" on reddit: https://www.reddit.com/r/KeybaseProofs/comments/51e4f7/my_keybase_proof_redditminasss_keybasefpischedda/ [cached 2016-09-15 10:43:46 EDT]
✔ "focaskater" on twitter: https://twitter.com/focaskater/status/773064100385525760 [cached 2016-09-15 10:43:46 EDT]
✔ admin of francesco.pischedda.info via HTTPS: https://francesco.pischedda.info/keybase.txt [cached 2016-09-15 10:43:46 EDT]
✔ "minasss" on coinbase: https://coinbase.com/minasss/public-key [cached 2016-09-15 10:43:46 EDT]
✔ "fpischedda" on github: https://gist.github.com/829cfb84f05d9b2d0f8f57f0f2a6e143 [cached 2016-09-15 10:43:46 EDT]
▶ WARNING | Check status (uid=bcc159aebcd6d164e47d015be1b29419, seq=16, link=6b1c78c624214fa46a69f6de1cd6b7292fa7d604dafa46a4f2f3228ff7b2b384) failed with error: DNS failure for piaschedda.info: lookup piaschedda.info on 192.168.1.1:53: no such host (code=107)
✖ Proof for piaschedda.info failed: DNS failure for piaschedda.info: lookup piaschedda.info on 192.168.1.1:53: no such host (code=107)
ahahah doh! sorry sorry sorry
Using Amazon Route 53 DNS. I already had a 'zepherin.com' TXT entry, so had to use the '@'.
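A check for the record-placement problem discussed in this thread, as an added example that is not part of the original issue and not Keybase's own code: it parses dig-style TXT answer lines and reports whether each keybase-site-verification record sits at the apex, at _keybase.<domain>, or under the literal \@ label that Route 53 created. The function names, the example.com zone and the token are constructed for illustration; the two accepted locations are the ones named in the thread.

```python
import re

PROOF_PREFIX = "keybase-site-verification="

def parse_txt_answers(dig_output):
    """Return (owner, value) for each 'owner ttl IN TXT "..."' line."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig's comment/header lines
        parts = line.split(None, 4)  # owner, ttl, class, type, rdata
        if len(parts) != 5 or [p.upper() for p in parts[2:4]] != ["IN", "TXT"]:
            continue
        owner = parts[0].lower().rstrip(".")
        # TXT rdata is one or more quoted strings that are concatenated.
        value = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', parts[4]))
        records.append((owner, value))
    return records

def classify_proofs(domain, dig_output):
    """Label the owner name of every Keybase proof record for `domain`."""
    domain = domain.lower().rstrip(".")
    results = []
    for owner, value in parse_txt_answers(dig_output):
        if not value.startswith(PROOF_PREFIX):
            continue  # SPF and other TXT records may share the apex
        if owner == domain:
            status = "ok-apex"
        elif owner == "_keybase." + domain:
            status = "ok-subdomain"
        elif owner in ("@." + domain, "\\@." + domain):
            status = "literal-at-label"  # "@" was stored as a real label
        else:
            status = "wrong-owner"
        results.append((owner, status))
    return results

# Constructed sample in dig answer format (not real records).
SAMPLE = r'''
;; ANSWER SECTION:
example.com.          300 IN TXT "v=spf1 include:_spf.example.net ~all"
\@.example.com.       300 IN TXT "keybase-site-verification=CONSTRUCTED_TOKEN"
_keybase.example.com. 300 IN TXT "keybase-site-verification=CONSTRUCTED_TOKEN"
'''

if __name__ == "__main__":
    for owner, status in classify_proofs("example.com", SAMPLE):
        print(f"{owner}: {status}")
```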