Hello, again.

Guys, sorry once again, but my DNSSEC implementation didn't work out.

Using 9.16.23 (I have that problem of keys being regenerated every restart,
but I'll learn to sign the zone later using the original key. Bug solved in
version 9.16.30).

After providing my DNSKEY record to the parent domain, the test performed by
dnssec-analyzer showed everything OK; nevertheless, all queries except those
about my.domain were rejected with SERVFAIL.

dig @my.server or dig @localhost

My secondary DNS server held everything while testing, and I noticed I had
dnssec-validation auto; on it.

After reverting my primary DNS configuration, and asking my provider to
remove the DNSKEY, I had to include dnssec-validation no; otherwise it would
keep answering with SERVFAIL.

I noticed the server was constantly trying to reach top domain DNS servers.

Is this dnssec-validation mandatory? Any help appreciated.

Regards

David

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

