DNSSEC deployment in an isolated virtual environment

Greg Choules gregchoules+bindusers at googlemail.com
Sat Mar 16 16:20:44 UTC 2024


Hi Amaury.
You should be able to do this by defining your own trust anchors. This
should explain what you need:
https://bind9.readthedocs.io/en/latest/dnssec-guide.html#trusted-keys-and-managed-keys

Have fun.
Greg

On Sat, 16 Mar 2024 at 13:38, Amaury Van Pevenaeyge <
avanpevenaeyge at outlook.fr> wrote:

> Hello, I'm a student in my last year of the Master in Cybersecurity at ULB.
> As part of my thesis, I'm doing research to develop a DNS Amplification
> scenario that will eventually be deployed within a Cyber Range. I have to
> carry out various measurements and develop different attacks in a virtual
> environment. I've already been able to set up my entire environment in
> VirtualBox for DNS (i.e. without DNSSEC). Now I need to deploy DNSSEC on my
> server. I've managed to generate my key pairs and sign my DNS zones.
> However, when I try to do a dig from my client VM, I get a SERVFAIL. I
> think this is because the chain of trust can't be established, which in my
> case is perfectly normal as I'm in an isolated test environment. So how can
> I deploy DNSSEC correctly so that the chain of trust is not taken into
> account and it works in my virtual environment? I think I know how DNSSEC
> works, but if you also have any clarification to offer, I'd be delighted to
> hear from you. My BIND server runs on an Ubuntu 22.04 Jammy Jellyfish VM.
>
> Thanks in advance for your help.
>
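
Added example (not part of the original thread and not ISC's code): a Python helper that turns the single-line DNSKEY record from a `dnssec-keygen` `.key` file into a `trust-anchors` stanza for the validating resolver's `named.conf`, as the reply above suggests. The zone name `example.lab.`, the all-zero public key, and the choice of `static-key` (no RFC 5011 rollover in an isolated lab) are assumptions for illustration.

```python
import base64

def key_tag(flags, protocol, algorithm, pubkey):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey
    acc = 0
    for i, b in enumerate(rdata):
        acc += b if i & 1 else b << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskey(line):
    """Parse one single-line DNSKEY RR (owner [ttl] [class] DNSKEY ...)."""
    fields = line.split(";", 1)[0].split()      # drop any trailing comment
    idx = fields.index("DNSKEY")                # ValueError if not a DNSKEY RR
    owner = fields[0] if fields[0].endswith(".") else fields[0] + "."
    flags, protocol, algorithm = (int(x) for x in fields[idx + 1:idx + 4])
    b64 = "".join(fields[idx + 4:])             # key may be split on whitespace
    pubkey = base64.b64decode(b64, validate=True)
    return owner, flags, protocol, algorithm, b64, pubkey

def trust_anchor_stanza(line):
    """Return (named.conf stanza, key tag) for a key-signing key."""
    owner, flags, protocol, algorithm, b64, pubkey = parse_dnskey(line)
    # Sanity check: Zone Key bit (0x0100) and SEP bit (0x0001) both set,
    # i.e. flags 257. A plain ZSK (256) is the wrong key to anchor.
    if (flags & 0x0101) != 0x0101:
        raise ValueError(f"flags {flags}: not a key-signing key")
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    tag = key_tag(flags, protocol, algorithm, pubkey)
    stanza = (
        "trust-anchors {\n"
        f"    // key tag {tag}, copied from the lab zone's KSK\n"
        f'    "{owner}" static-key {flags} {protocol} {algorithm} "{b64}";\n'
        "};\n"
    )
    return stanza, tag

# Constructed sample: hypothetical zone, all-zero 64-byte placeholder key.
SAMPLE = "example.lab. 3600 IN DNSKEY 257 3 13 " + "A" * 86 + "=="

if __name__ == "__main__":
    print(trust_anchor_stanza(SAMPLE)[0])
```

The key tag in the generated comment should match the number in the `K<zone>+<alg>+<tag>.key` file name, which is a quick check that the right key was copied.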