On 05/20/2010 09:10 PM, itservices88 wrote: > Verifying the zone using the following algorithms: RSASHA1. > Missing RSASHA1 signature for . NSEC
You seem to have a record for "." somewhere in your zone file. Did you load the unsigned zone into BIND before? It should have logged a warning about that record. > dnssec-enable yes; > dnssec-validation yes; >// dnssec-lookaside "." trust-anchor "DLV.ISC.ORG"; > With the trust-anchor uncommented, as soon as i enable and reload bind, dig > gives timeout, while dig has no issues with first two commands enabled. Do you have a firewall in the path that would block large DNS responses or fragments? Hauke.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
