Hi Amaury.
You should be able to do this by defining your own trust anchors. This
should explain what you need:
https://bind9.readthedocs.io/en/latest/dnssec-guide.html#trusted-keys-and-managed-keys

Have fun.
Greg

On Sat, 16 Mar 2024 at 13:38, Amaury Van Pevenaeyge <
avanpevenae...@outlook.fr> wrote:

> Hello, I'm a student in my last year of the Master in Cybersecurity at ULB.
> As part of my thesis, I'm doing research to develop a DNS Amplification
> scenario that will eventually be deployed within a Cyber Range. I have to
> carry out various measurements and develop different attacks in a virtual
> environment. I've already been able to set up my entire environment in
> VirtualBox for DNS (i.e. without DNSSEC). Now I need to deploy DNSSEC on my
> server. I've managed to generate my key pairs and sign my DNS zones.
> However, when I try to do a dig from my client VM, I get a SERVFAIL. I
> think this is because the chain of trust can't be established, which in my
> case is perfectly normal as I'm in an isolated test environment. So how can
> I deploy DNSSEC correctly so that the chain of trust is not taken into
> account and it works in my virtual environment? I think I know how DNSSEC
> works, but if you also have any clarification to offer, I'd be delighted to
> hear from you. My BIND server runs on an Ubuntu 22.04 Jammy Jellyfish VM.
>
> Thanks in advance for your help.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
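One way to define a trust anchor for a private signed zone, as an added example that is not part of the original thread or of ISC's documentation: the script turns the zone's key-signing key, in the single-line format `dnssec-keygen` writes to its `K*.key` file, into a `trust-anchors` stanza for the validating resolver. The zone name `example.lab.`, the key material and the function names are constructed placeholders, and the `trust-anchors` / `static-key` syntax assumes BIND 9.16 or later.

```shell
#!/bin/sh
# Build a BIND trust-anchors stanza from a zone's KSK so a lab resolver
# can validate a zone that has no DS record in any parent.

# Constructed sample in the layout of a dnssec-keygen K*.key file.
# Owner name and base64 strings are placeholders, not real keys.
sample_keyfile() {
cat <<'EOF'
; This is a key-signing key, keyid 11111, for example.lab.
example.lab. 3600 IN DNSKEY 256 3 13 WlNLLXBsYWNlaG9sZGVy LW5vdC1hLXJlYWwta2V5
example.lab. 3600 IN DNSKEY 257 3 13 S1NLLXBsYWNlaG9sZGVy LW5vdC1hLXJlYWwta2V5
EOF
}

# Reads single-line DNSKEY records on stdin and prints a trust-anchors
# block holding only keys with flags 257 (SEP bit set, i.e. the KSK).
# Exits 1 when the input contains no such key.
make_trust_anchors() {
  awk '
    /^[[:space:]]*;/ || NF == 0 { next }           # skip comments and blanks
    {
      for (i = 2; i <= NF; i++) if ($i == "DNSKEY") break
      if (i > NF - 4) next                          # not a complete DNSKEY RR
      flags = $(i+1); proto = $(i+2); alg = $(i+3)
      if (flags != 257) next                        # a ZSK is not an anchor
      key = ""
      for (j = i + 4; j <= NF; j++) key = key $j    # rejoin split base64
      owner = $1; if (owner !~ /\.$/) owner = owner "."
      anchors[++n] = sprintf("    \"%s\" static-key %s %s %s \"%s\";", owner, flags, proto, alg, key)
    }
    END {
      if (n == 0) exit 1
      print "trust-anchors {"
      for (k = 1; k <= n; k++) print anchors[k]
      print "};"
    }'
}

# The output belongs at the top level of the resolver's named.conf,
# with "dnssec-validation yes;" in its options block so that only the
# anchors configured there are trusted.
sample_keyfile | make_trust_anchors
```
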