On Fri, 2 Oct 2009, Mark Andrews wrote:

zone "ca." IN {
         type stub;
         masters { 192.228.22.190; 192.228.22.189; };
};

To make the test signed ca work you need to replace the NS RRset
with the names of the nameservers that serve the signed CA zone.
At the moment you end up with those that serve unsigned content
which is correctly rejected.  Stubs pre-populate the delegation,
they do not override the delegation.

It seems that using a forward type zone does work:

zone "ca." IN {
        type forward;
        forwarders { 66.241.135.248; 193.110.157.136; };
};

 dig +dnssec -t ds xelerance.ca. @localhost

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 12, ADDITIONAL: 1

I had tried it before and it failed. Must have been an operator error.

Paul
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
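
The check made with dig in the message above, as an added example that is not part of the original thread: a small parser that reads dig's header lines and reports whether the local resolver validated the answer. The sample outputs are constructed (only the `flags:` line of `FORWARD_OK` is quoted from the message), and treating SERVFAIL as the stub-zone outcome is an assumption.

```python
import re

# Constructed dig output. Only the flags line of FORWARD_OK is taken from the
# message above; the status lines and the other two samples are invented.
FORWARD_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 12, ADDITIONAL: 1
"""
STUB_REJECTED = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
NOT_VALIDATED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 12, ADDITIONAL: 1
"""

STATUS_RE = re.compile(r"status:\s*([A-Z]+)")
FLAGS_RE = re.compile(r"^;; flags:([^;]*);", re.MULTILINE)


def classify(dig_output):
    """Return 'validated', 'rejected' or 'unvalidated' for one dig response."""
    flags_match = FLAGS_RE.search(dig_output)
    if flags_match is None:
        raise ValueError("no ';; flags:' line in dig output")
    flags = set(flags_match.group(1).split())
    status_match = STATUS_RE.search(dig_output)
    status = status_match.group(1) if status_match else None

    # SERVFAIL is how a validating resolver reports data it refused to trust
    # (it can also mean an unrelated lookup failure; dig +cd tells them apart).
    if status == "SERVFAIL":
        return "rejected"
    # AD means the resolver considers the answer authenticated.
    if "ad" in flags:
        return "validated"
    return "unvalidated"


if __name__ == "__main__":
    for name, text in [("forward", FORWARD_OK), ("stub", STUB_REJECTED),
                       ("no-ad", NOT_VALIDATED)]:
        print(name, classify(text))
```

The AD flag is only meaningful when the path to the resolver is trusted, as with the `@localhost` query here.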
