[DNSSEC] SERVFAIL when resolving ".gov" through DLV
Mark Elkins
mje at posix.co.za
Wed May 6 07:00:58 UTC 2009
On Tue, 2009-05-05 at 13:45 -0500, Jeremy C. Reed wrote:
> On Tue, 5 May 2009, Stephane Bortzmeyer wrote:
>
> > This is a BIND 9.5.1-P1, Debian package. It is configured to use ISC's
> > DLV:
>
> https://www.isc.org/node/437
Question on using "trusted-keys":
There are two public sources of "trusted-keys" - ISC's DLV via
http://ftp.isc.org/www/dlv/dlv.isc.org.named.conf and Iana's ITAR via
https://itar.iana.org/anchors/anchors.xml (though this needs to be
'expanded').
One might also have one's own personal list for local use?
Some sections in "named.conf" should logically only be there once (eg,
options and logging), some should be there multiple times (zone
definitions).
Can "trusted-keys" be defined multiple times? - or should there only be
one trusted-keys section? I know multiple keys in one trusted-keys
section works just fine - which might imply one can only have one
trusted-key definition?
A 'man named.conf' is not immediately obvious about this.
--
. . ___. .__ Posix Systems - Sth Africa. e.164 VOIP ready
/| /| / /__ mje at posix.co.za - Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
More information about the bind-users
mailing list