DSNSEC how to check if is working correctly

[leonep]

Hello,
I have just installed PowerDNS and i have created DS records in cpanel for one domain.
I have imported this keys on register panel.

the utility looks good:

$ pdnsutil list-secure-zones
Jan 24 10:11:27 [bindbackend] Done parsing domains, 3 rejected, 148 new, 0 removed
mydomain.tld
All secure zonecount:1

i am following this guide to check if it is working ( How do I know if DNSSEC is enabled on a domain? )

i have no responses on whois:
$ whois mydomain.tld | egrep -i "DNSSEC|signed"

instead with dig i got responses
$ dig ds mydomain.tld +short
2494 8 2 CA8926F4EAEA0B3FED88F1111111111660F0CD684EE178D398367F64 111111111
2904 8 2 FF2BC25B1FEA9A3C7035F9FE1A03C222222229076BE2EA2FB3DCD481 11111111


not sure if it's working. what else can i check? thanks

 

[cPRex]

Hey there! If the "dig" output is working but "whois" isn't, it would be best to contact your registrar to ensure those were added properly on their end. There could also be a delay on the registrar side depending on how often they refresh that information.

 

[ffeingol]

Not sure it will help you, but I've found this web site helpful for debugging DNSSEC issues: DNSSEC Analyzer There are other similar ones if you simply search for verify DSNSSEC or check DNSSEC.

 

[leonep]

thanks,
from DNSSEC ANAlyzer looks good...
and also from whois if i use from a web service .
i found i have problem in whois lookup command only for .ovh domains
i open a ticket to ovh
thanks a lot


# whois demomql.ovh
[Querying whois-ovh.nic.fr]
[whois-ovh.nic.fr: Name or service not known]
[Unable to connect to remote host]