ISC DLV dnssec
R Dicaire
kritek at gmail.com
Mon Apr 6 01:05:42 UTC 2009
On Sun, Apr 5, 2009 at 8:48 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:
> Named is still able to return answers if you tell it not to
> validate the answers by setting CD=1 in the query. This flag
> is usually used when you have a validating resolver using another
> validating resolver to get its answers.
>
> When the lookups were failing answers like this were returned.
The one thing I didn't do was a direct dig itself. I was tailing
dnssec.log and watching the DLV lookups failing, and my web browser
was failing to load any site, reporting the hostname couldn't be
resolved.
Above, you mention setting CD=1 in the query. How is this done by
applications trying to resolve hostnames
when there's a problem like last nights? Would setting the named.conf
directive dnssec-validation no;
do this? (as I mentioned previously, I had to comment out
dnssec-validation and the trust anchor directive that points to ISC so
I could resolve queries)
--
aRDy Music and Rick Dicaire present:
http://www.ardynet.com
http://www.ardynet.com:9000/ardymusic.ogg.m3u
More information about the bind-users
mailing list