Hello, again.
Guys, sorry once again, but my dnssec implementation didn't work out. Using 9.16.23 (I have that problem of keys being regenerated every restart, but I'll learn to sign the zone later using the original key- Bug solved in version 9.16.30). After providing my DNSKEY record to parent domain, the test performed by dnssec-analyzer showed everything ok, nevertheless, all queries except those about my.domain were Rejected with SERVFAIL. dig @my.server or dig @localhost My secondary dns server hold everything while testing, and I noticed I had dnssec-validation auto; on it. After reverting my primary dns configuration, and asking my provider to remove the DNSKEY, I had to include dnssec-validation no; otherwise it would keep answering with SERVFAIL I noticed the server was constantly trying to reach top domain dns servers. Is this dnssec-validation mandatory? Any help appreciated. Regards David
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users