Does dancheck has sub-domain support? I think it expects a DS record at the subdomain...
To replicate:
We're hosting a DNSSEC server, e.g. example.com.
Showing danecheck works:
➜ danecheck git:(master) ✗ danecheck -n 1.2.3.4
. IN DNSKEY 256 3 8 AwEAA...QBkYGpF78= ; AD=1 NoError
. IN DNSKEY 256 3 8 AwEAA.......J5ZJWLRs= ; AD=1 NoError
. IN DNSKEY 257 3 8 AwEA.......+Uk1ihz0= ; AD=1 NoError
. IN DNSKEY 257 3 8 AwEAAaz.....V74bU= ; AD=1 NoError
. IN SOA a.root-servers.net. nstld@verisign-grs.com. 2018092600 1800 900 604800 86400 ; AD=1 NoError
In this domain, we're hosting a sub-domain in the same zone, e.g. sub.example.com.
danecheck cannot verify this domain since it has no DS records and such.
Does
dancheckhas sub-domain support? I think it expects a DS record at the subdomain...To replicate:
We're hosting a DNSSEC server, e.g.
example.com. Showing danecheck works:In this domain, we're hosting a sub-domain in the same zone, e.g.
sub.example.com.danecheckcannot verify this domain since it has no DS records and such.example.com has a DNSkey and record for the whole zone. Including sub.example.com