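We are currently trying to get DNSSEC working. We know this is in the beta stage, but we want to file this bug report; or, if it's not a bug, please tell us what is wrong in our configuration. In the output below, the only error dnsviz reports is ORIGINAL_TTL_EXCEEDED, on the two RRSIGs listed under the DNSKEY RRset (key IDs 17881 and 38643).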
DNSVIZ result:
[root@localhost ~]# dnsviz probe -A -d 3 replacedhidden.nl | dnsviz print
No global IPv6 connectivity detected
Analyzing nl (stub)
Analyzing replacedhidden.nl
Querying replacedhidden.nl/NS (referral)...
Querying replacedhidden.nl/NS (auth)...
Querying replacedhidden.nl/A...
Preparing query pentqofdjw.replacedhidden.nl/A (NXDOMAIN)...
Preparing query replacedhidden.nl/CNAME (No data)...
Preparing query replacedhidden.nl/MX...
Preparing query replacedhidden.nl/TXT...
Preparing query replacedhidden.nl/SOA...
Preparing query replacedhidden.nl/DNSKEY...
Preparing query replacedhidden.nl/DS...
Preparing query replacedhidden.nl/AAAA...
Executing queries...
replacedhidden.nl [-] [.]
[-] DS: 5/17881/2 [.]
[-] DNSKEY: 5/38643/256 [.], 5/17881/257 [.]
[-] RRSIG: replacedhidden.nl/5/17881 (2016-04-14 - 2016-05-19) [.!]
E:ORIGINAL_TTL_EXCEEDED
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.!]
E:ORIGINAL_TTL_EXCEEDED
[-] A: 1.2.3.4
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] NS: ns5.hiddenNS.nl., ns4.hiddenNS.nl.
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] CNAME: NODATA
[-] SOA: ns4.hiddenNS.nl. hostmaster.replacedhidden.nl. 2016041403 14400 3600 1209600 86400
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] PROOF: [.]
[-] NSEC: replacedhidden.nl. _dmarc.replacedhidden.nl. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] SOA: ns4.hiddenNS.nl. hostmaster.replacedhidden.nl. 2016041403 14400 3600 1209600 86400
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] MX: 10 mail.replacedhidden.nl.
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] TXT: "v=spf1 a mx ip4:1.2.3.4 ~all"
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] AAAA: 2bb0:2bb0:1::1
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
pentqofdjw.replacedhidden.nl
[-] A: NXDOMAIN
[-] SOA: ns4.hiddenNS.nl. hostmaster.replacedhidden.nl. 2016041403 14400 3600 1209600 86400
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] PROOF: [.]
[-] NSEC: replacedhidden.nl. _dmarc.replacedhidden.nl. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] NSEC: mail.replacedhidden.nl. pop.replacedhidden.nl. A AAAA RRSIG NSEC
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
The DNS -UNSIGNED- zone:
$TTL 14400
@ IN SOA ns4.hiddenNS.nl. hostmaster.hidden.nl. (
2016041402
14400
3600
1209600
86400 )
HIDDEN.nl. 14400 IN NS ns4.hiddenNS.nl.
HIDDEN.nl. 14400 IN NS ns5.hiddenNS.nl.
ftp 14400 IN A 1.2.3.4
mail 14400 IN A 1.2.3.4
pop 14400 IN A 1.2.3.4
smtp 14400 IN A 1.2.3.4
HIDDEN.nl. 14400 IN A 1.2.3.4
www 14400 IN A 1.2.3.4
HIDDEN.nl. 14400 IN MX 10 mail
_dmarc 14400 IN TXT
_domainkey 14400 IN TXT
HIDDEN.nl. 14400 IN TXT
x._domainkey 14400 IN TXT
ftp 14400 IN AAAA
mail 14400 IN AAAA
pop 14400 IN AAAA
smtp 14400 IN AAAA
HIDDEN.nl. 14400 IN AAAA
www 14400 IN AAAA
The DNS SIGNED zone:
HIDDEN.nl. 14400 IN SOA ns4.hiddenNS.nl. hostmaster.HIDDEN.nl. (
2016041403 ; serial
14400 ; refresh (4 hours)
3600 ; retry (1 hour)
1209600 ; expire (2 weeks)
86400 ; minimum (1 day)
14400 RRSIG SOA 5 2 14400 20160519191707 (
14400 NS ns4.hiddenNS.nl.
14400 NS ns5.hiddenNS.nl.
14400 RRSIG NS 5 2 14400 20160519191707 (
14400 A 1.2.3.4
14400 RRSIG A 5 2 14400 20160519191707 (
14400 MX 10 mail.HIDDEN.nl.
14400 RRSIG MX 5 2 14400 20160519191707 (
14400 TXT "v=spf1 a mx ip4:1.2.3.4 ~all"
14400 RRSIG TXT 5 2 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 2 14400 20160519191707 (
86400 NSEC _dmarc.HIDDEN.nl. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY
86400 RRSIG NSEC 5 2 86400 20160519191707 (
14400 DNSKEY 256 3 5 (
) ; key id = 38643
14400 DNSKEY 257 3 5 (
) ; key id = 17881
14400 RRSIG DNSKEY 5 2 14400 20160519191707 (
14400 RRSIG DNSKEY 5 2 14400 20160519191707 (
_domainkey.HIDDEN.nl. 14400 IN TXT "o=~"
14400 RRSIG TXT 5 3 14400 20160519191707 (
86400 NSEC x._domainkey.HIDDEN.nl. TXT RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
mail.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC pop.HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
_dmarc.HIDDEN.nl. 14400 IN TXT "v=DMARC1\; p=none\; sp=none\; rua=mailto:[email protected]"
14400 RRSIG TXT 5 3 14400 20160519191707 (
86400 NSEC _domainkey.HIDDEN.nl. TXT RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
www.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
ftp.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC mail.HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
x._domainkey.HIDDEN.nl. 14400 IN TXT
14400 RRSIG TXT 5 4 14400 20160519191707 (
86400 NSEC ftp.HIDDEN.nl. TXT RRSIG NSEC
86400 RRSIG NSEC 5 4 86400 20160519191707 (
smtp.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC www.HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
pop.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC smtp.HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
DNSVIZ result:
[root@localhost ~]# dnsviz probe -A -d 3 replacedhidden.nl | dnsviz print
No global IPv6 connectivity detected
Analyzing nl (stub)
Analyzing replacedhidden.nl
Querying replacedhidden.nl/NS (referral)...
Querying replacedhidden.nl/NS (auth)...
Querying replacedhidden.nl/A...
Preparing query pentqofdjw.replacedhidden.nl/A (NXDOMAIN)...
Preparing query replacedhidden.nl/CNAME (No data)...
Preparing query replacedhidden.nl/MX...
Preparing query replacedhidden.nl/TXT...
Preparing query replacedhidden.nl/SOA...
Preparing query replacedhidden.nl/DNSKEY...
Preparing query replacedhidden.nl/DS...
Preparing query replacedhidden.nl/AAAA...
Executing queries...
replacedhidden.nl [-] [.]
[-] DS: 5/17881/2 [.]
[-] DNSKEY: 5/38643/256 [.], 5/17881/257 [.]
[-] RRSIG: replacedhidden.nl/5/17881 (2016-04-14 - 2016-05-19) [.!]
E:ORIGINAL_TTL_EXCEEDED
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.!]
E:ORIGINAL_TTL_EXCEEDED
[-] A: 1.2.3.4
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] NS: ns5.hiddenNS.nl., ns4.hiddenNS.nl.
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] CNAME: NODATA
[-] SOA: ns4.hiddenNS.nl. hostmaster.replacedhidden.nl. 2016041403 14400 3600 1209600 86400
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] PROOF: [.]
[-] NSEC: replacedhidden.nl. _dmarc.replacedhidden.nl. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] SOA: ns4.hiddenNS.nl. hostmaster.replacedhidden.nl. 2016041403 14400 3600 1209600 86400
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] MX: 10 mail.replacedhidden.nl.
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] TXT: "v=spf1 a mx ip4:1.2.3.4 ~all"
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] AAAA: 2bb0:2bb0:1::1
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
pentqofdjw.replacedhidden.nl
[-] A: NXDOMAIN
[-] SOA: ns4.hiddenNS.nl. hostmaster.replacedhidden.nl. 2016041403 14400 3600 1209600 86400
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] PROOF: [.]
[-] NSEC: replacedhidden.nl. _dmarc.replacedhidden.nl. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
[-] NSEC: mail.replacedhidden.nl. pop.replacedhidden.nl. A AAAA RRSIG NSEC
[-] RRSIG: replacedhidden.nl/5/38643 (2016-04-14 - 2016-05-19) [.]
The DNS -UNSIGNED- zone:
$TTL 14400
@ IN SOA ns4.hiddenNS.nl. hostmaster.hidden.nl. (
2016041402
14400
3600
1209600
86400 )
HIDDEN.nl. 14400 IN NS ns4.hiddenNS.nl.
HIDDEN.nl. 14400 IN NS ns5.hiddenNS.nl.
ftp 14400 IN A 1.2.3.4
mail 14400 IN A 1.2.3.4
pop 14400 IN A 1.2.3.4
smtp 14400 IN A 1.2.3.4
HIDDEN.nl. 14400 IN A 1.2.3.4
www 14400 IN A 1.2.3.4
HIDDEN.nl. 14400 IN MX 10 mail
_dmarc 14400 IN TXT
_domainkey 14400 IN TXT
HIDDEN.nl. 14400 IN TXT
x._domainkey 14400 IN TXT
ftp 14400 IN AAAA
mail 14400 IN AAAA
pop 14400 IN AAAA
smtp 14400 IN AAAA
HIDDEN.nl. 14400 IN AAAA
www 14400 IN AAAA
The DNS SIGNED zone:
HIDDEN.nl. 14400 IN SOA ns4.hiddenNS.nl. hostmaster.HIDDEN.nl. (
2016041403 ; serial
14400 ; refresh (4 hours)
3600 ; retry (1 hour)
1209600 ; expire (2 weeks)
86400 ; minimum (1 day)
14400 RRSIG SOA 5 2 14400 20160519191707 (
14400 NS ns4.hiddenNS.nl.
14400 NS ns5.hiddenNS.nl.
14400 RRSIG NS 5 2 14400 20160519191707 (
14400 A 1.2.3.4
14400 RRSIG A 5 2 14400 20160519191707 (
14400 MX 10 mail.HIDDEN.nl.
14400 RRSIG MX 5 2 14400 20160519191707 (
14400 TXT "v=spf1 a mx ip4:1.2.3.4 ~all"
14400 RRSIG TXT 5 2 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 2 14400 20160519191707 (
86400 NSEC _dmarc.HIDDEN.nl. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY
86400 RRSIG NSEC 5 2 86400 20160519191707 (
14400 DNSKEY 256 3 5 (
) ; key id = 38643
14400 DNSKEY 257 3 5 (
) ; key id = 17881
14400 RRSIG DNSKEY 5 2 14400 20160519191707 (
14400 RRSIG DNSKEY 5 2 14400 20160519191707 (
_domainkey.HIDDEN.nl. 14400 IN TXT "o=~"
14400 RRSIG TXT 5 3 14400 20160519191707 (
86400 NSEC x._domainkey.HIDDEN.nl. TXT RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
mail.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC pop.HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
_dmarc.HIDDEN.nl. 14400 IN TXT "v=DMARC1\; p=none\; sp=none\; rua=mailto:[email protected]"
14400 RRSIG TXT 5 3 14400 20160519191707 (
86400 NSEC _domainkey.HIDDEN.nl. TXT RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
www.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
ftp.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC mail.HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
x._domainkey.HIDDEN.nl. 14400 IN TXT
14400 RRSIG TXT 5 4 14400 20160519191707 (
86400 NSEC ftp.HIDDEN.nl. TXT RRSIG NSEC
86400 RRSIG NSEC 5 4 86400 20160519191707 (
smtp.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC www.HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (
pop.HIDDEN.nl. 14400 IN A 1.2.3.4
14400 RRSIG A 5 3 14400 20160519191707 (
14400 AAAA 1111:1111:1:1
14400 RRSIG AAAA 5 3 14400 20160519191707 (
86400 NSEC smtp.HIDDEN.nl. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 20160519191707 (