On 10/5/2011 5:21 AM, Sergio Charpinel Jr. wrote:
> After suplying DS and the respective NS record for subdomain in the
> parent zone (domain.com), it works. If I disable dnssec in my
> recursive server, it also works.
> So, if a zone is not signed properly (or doesnt have DS records) the
> query
Sergio Charpinel Jr. wrote:
>
> After suplying DS and the respective NS record for subdomain in the
> parent zone (domain.com), it works.
That sounds like you had no delegation RRs in the parent zone. In that
case the parent zone will contain a secure denial of existence of the
child zone. If you
o
Cc: bind-users@lists.isc.org
Subject: Re: DNSSEC SERVFAIL when parent zone has no DS record
Marc,
After suplying DS and the respective NS record for subdomain in the
parent zone (domain.com), it works. If I disable dnssec in my
recursive server, it also works.
So, if a zone is not signed properly
..@gmail.com]
> Sent: 05 October 2011 01:57 PM
> To: bind-users@lists.isc.org
> Subject: DNSSEC SERVFAIL when parent zone has no DS record
>
> Hi,
>
> Dig returns SERVFAIL while trying to resolve a dnssec enabled zone
> without DS record in parent zone. For example, I hav
y,
but I'd check if domain.com. itself is properly signed.
Kind regards,
Marc Lampo
-Original Message-
From: Sergio Charpinel Jr. [mailto:sergiocharpi...@gmail.com]
Sent: 05 October 2011 01:57 PM
To: bind-users@lists.isc.org
Subject: DNSSEC SERVFAIL when parent zone has no DS record
Hi
Hi,
Dig returns SERVFAIL while trying to resolve a dnssec enabled zone
without DS record in parent zone. For example, I have these two DNSSEC
enabled zones:
domain.com
subdomain.domain.com
domain.com zone has NO DS record for subdomain.domain.com zone, and
subdomain.domain.com has an A record fo
6 matches
Mail list logo
