DSNSEC how to check if is working correctly

leonep

Well-Known Member
Nov 18, 2014
225
18
68
Pescara
cPanel Access Level
Root Administrator
Hello,
I have just installed PowerDNS and i have created DS records in cpanel for one domain.
I have imported this keys on register panel.

the utility looks good:

$ pdnsutil list-secure-zones
Jan 24 10:11:27 [bindbackend] Done parsing domains, 3 rejected, 148 new, 0 removed
mydomain.tld
All secure zonecount:1

i am following this guide to check if it is working ( How do I know if DNSSEC is enabled on a domain? )

i have no responses on whois:
$ whois mydomain.tld | egrep -i "DNSSEC|signed"

instead with dig i got responses
$ dig ds mydomain.tld +short
2494 8 2 CA8926F4EAEA0B3FED88F1111111111660F0CD684EE178D398367F64 111111111
2904 8 2 FF2BC25B1FEA9A3C7035F9FE1A03C222222229076BE2EA2FB3DCD481 11111111


not sure if it's working. what else can i check? thanks
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
13,329
2,102
363
cPanel Access Level
Root Administrator
Hey there! If the "dig" output is working but "whois" isn't, it would be best to contact your registrar to ensure those were added properly on their end. There could also be a delay on the registrar side depending on how often they refresh that information.
 

leonep

Well-Known Member
Nov 18, 2014
225
18
68
Pescara
cPanel Access Level
Root Administrator
thanks,
from DNSSEC ANAlyzer looks good...
and also from whois if i use from a web service .
i found i have problem in whois lookup command only for .ovh domains
i open a ticket to ovh
thanks a lot


# whois demomql.ovh
[Querying whois-ovh.nic.fr]
[whois-ovh.nic.fr: Name or service not known]
[Unable to connect to remote host]
 
  • Like
Reactions: cPRex