Consider the follwing example: Server A DNSSEC=yes DNSSEC-validation=yes Valid trust anchor for the root zone DNSSEC validation seems to work correctly Zone one.com. is setup as a forward zone to server B
Server B DNSSEC=no DNSSEC-validation=N/A authoritative and the master for one.com. When server A has DNSSEC turned on, requests for resolution of hosts in zone one.com. get a SERVFAIL response (DNSSEC Signature issues). When server A has DNSSEC turned off, requests for resolution of hosts in zone one.com. succeed. While I can fix the errors by turning DNSSEC off on server A, I'd like to enable DNSSEC validation at some point in the not too distant future. Both servers are running bind 9.10. Am I missing something? Regards, Bob
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users