# test zone file

```
nsd-checkzone -p in.gnunux.info /etc/nsd/in.gnunux.info.zone.signed
nsd-checkzone -p 47.168.192.in-addr.arpa. /etc/nsd/47.168.192.in-addr.arpa.reverse.signed
```

# resolvectl

```
resolvectl log-level debug
```

Pour les versions plus anciennes, éditer : /var/lib/machines/lemonldap.in.gnunux.info/lib/systemd/system/systemd-resolved.service

Ajouter :

```
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
```

# vérification avec delv

cat keys

```
trusted-keys {
    in.gnunux.info. 257 3 13 "USFnZ0by5kztge0ATp0RGnLmiE6moqF97MkhkeeYRZHk38ZBma3Ww2yr C2wImxlu7cCPIcLzh6fJhZNESHqngQ==";
};
```

`trusted-keys` est déprécié (voir l'avertissement de delv ci-dessous) ; sur les versions récentes de BIND, la même clé se déclare dans un bloc `trust-anchors` avec `static-key`.

## Pas correctement signé

```
root@debian:~# delv @192.168.45.11 -a keys +root=in.gnunux.info ldap.in.gnunux.info. A
;; keys:1: option 'trusted-keys' is deprecated
;; validating ldap.in.gnunux.info/A: no valid signature found
;; RRSIG failed to verify resolving 'ldap.in.gnunux.info/A/IN': 192.168.45.11#53
;; resolution failed: RRSIG failed to verify
```

## Correctement signé

```
root@debian:~# delv @192.168.45.11 -a keys +root=in.gnunux.info lemonldap.in.gnunux.info. A
;; keys:1: option 'trusted-keys' is deprecated
; fully validated
```

# increase loglevel

```
echo """server:
    debug-mode: yes
    verbosity: 10
""" > /etc/nsd/conf.d/debug.conf
systemctl restart nsd
journalctl -fu nsd
```

Une fois le diagnostic terminé, supprimer /etc/nsd/conf.d/debug.conf et redémarrer nsd, afin de ne pas laisser le serveur en mode debug.