Server No 1 for UnBound "172.16.96.196":- I am already add trust-anchor: "myTLD. IN DS 18016 7 2 C160C68025F1909143A28296355EA3999B98A1D10752124154UC84BC 4DE82627"
service unbound restart >>> ok Server No 2 for UnBound :- This server contain the signed zone add to named.conf , i edited /etc/resolv.conf to point to the server no 1 "nameserver -------- ". when i try to dig myDOmain.myTLD "A record" , ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> +dnssec myDOmain.myTLD +multi ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50746 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;myDOmain.myTLD. IN A ;; Query time: 0 msec ;; SERVER: 172.16.96.196#53(172.16.96.196) ;; WHEN: Fri Sep 19 14:11:40 2014 ;; MSG SIZE rcvd: 49 Could you advise ? Really appreciate your replay. ________________________________________ From: Unbound-users [[email protected]] on behalf of W.C.A. Wijngaards [[email protected]] Sent: Friday, September 19, 2014 1:00 PM To: Abdelmeniem Tharwat; [email protected] Subject: Re: [Unbound-users] DNSSEC Validation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Abdelmeniem, Copy the DS record in a text file: echo " .... DS record ... " > mykeyfile Change unbound.conf: trust-anchor-file: "mykeyfile" restart unbound. Best regards, Wouter On 09/19/2014 11:14 AM, Abdelmeniem Tharwat wrote: > I am already signed my zone , and have a DS record , but can not > know how to upload this DS to unbound ? and How to add my zone to > UnBound ? Could you explain this step by step ? I am using Red-Hat > Linux. Thnx alot > > > -----Original Message----- From: Unbound-users on behalf of W.C.A. > Wijngaards Sent: Fri 19/09/2014 09:01 AM To: > [email protected] Subject: Re: [Unbound-users] DNSSEC > Validation > > Hi Adbalmonem, > > You need to sign your zone. Then load the public key into unbound > (with trust-anchor-file: "myfile" and myfile is a text file with > the DNS resource records for the zone public key in it, you could > simply copy them from the zonefile). > > Best regards, Wouter > > On 09/18/2014 08:51 PM, Abdalmonem Tharwat Galila wrote: >> Any update !!! > >> Sent from my iPhone > >>> On Sep 17, 2014, at 7:43 PM, Abdalmonem Tharwat Galila >>> <[email protected]> wrote: >>> >>> Hi , How can I add my local zone to be DNSSEC validated in >>> unbound ? >>> >>> Sent from my iPhone >> _______________________________________________ Unbound-users >> mailing list [email protected] >> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > > > _______________________________________________ Unbound-users > mailing list [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUG/6xAAoJEJ9vHC1+BF+N1ZAQALHSFQTOvMw92FOaMUvIe9ai 8JEJ8taj09PBf6KOT4am3g+IzU4MSXgRzPpmUNa9obBpG+H0u9Bo01Tk1LjuH+vc dYsVnixLGsR/WeEBwUGrCxDbppawCIbJTHR7lfB2CJ+mar+023CSyzle/xywcHCm EdIh/4DwSiyZgsGlslTgNDfQagJ1+X0ZzQt07tGcUHCqS0pvp6oGcbH79FngDs1R 0TJvFse/bc6nJUMbVpcUfxkm7jCN1uzFaIP+IfPPZmSuxBFAF7vLhUM2085mOc1K ZO+qUsMGVBg6lZTccCd33hwn+krT7XR1GeuiTsjeKEPFXNBFfivhWHi/fhezwPcg V2AO2FJm2uF+gSr3Wv3mhxXJ/eL/His84b6hzsvvBraEmJBkY69bNzh3oc3bE9aH Z/9YHvL+LjNppfwLzmkSKgjKvh24G9r4BWrBEcziTvfPiCLhduvBjjmhbFzyv/4L Ev+J2U80zjNA2JVOpZhhcQWWrBOGlnhTIN+WsYrwMrUnBVnl8wAwCxHAZTKpA6Zv Au1uN14sODU8qv6R5mEx87OUpUYIU1H3ziKI/KfyVogERVOb8g+rP8CDfuQbjDJe FavwgA3fN5L8tovc0KAQKyFU+4GkQkz2Ie5LI4i+ehq3qReaOAQfI9LQrqhwX/e7 Isclh8gmrdfYgWpqpNlX =0OGP -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
