dnssec enabled recursive server

Alexa Petrean apetrean at bluecatnetworks.com
Fri Oct 23 19:59:53 UTC 2009


Have you configured the trusted anchor for the signed TLD on your
recursive server?

-----Original Message-----
From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On Behalf Of Pamela Rock
Sent: Friday, October 23, 2009 3:07 PM
To: bind-users at isc.org
Subject: dnssec enabled recursive server

This environment is in a lab.

I have a DNSSEC enabled server with a signed .TLD zone (again, in a
lab).  I have a client that can accurately run queries against the
signed .TLD zone.

So this works...

    DNSSEC Enabled Client => DNSSEC Enabled .TLD

I'm trying to put a recursive BIND 9.6.1-P1 server between .TLD and the
client.

    DNSSEC Enabled Client => Recursive BIND => DNSSEC Enabled .TLD

I set up the cache file on the recursive BIND to point all root servers
to the DNSSEC Enabled .TLD.  I enabled dnssec-enable and
dnssec-validation in the named.conf.  I pulled the keys from DNSSEC
Enabled .TLD using dig +dnssec com @test.server.TLD and put them in the
named.conf.  Yet my recursive DNSSEC 9.6.1 server does not answer DNSSEC
queries from the client.

Any hints or clues to how to make the recursive DNSSEC work would be
appreciated.  Thanks in advance.


      
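Added example, not part of either message above and not code from ISC or the posters: one way to turn the signed zone's DNSKEY records into a trusted-keys statement for the recursive server's named.conf, keeping only keys with the SEP bit set (flags 257). The zone name tld., the key material and the function names are constructed for illustration; input is assumed to be in the layout printed by dig +noall +answer for a DNSKEY query.

```python
import base64
import binascii

ZONE_FLAG = 0x0100  # bit that marks a DNSSEC zone key (RFC 4034)
SEP_FLAG = 0x0001   # Secure Entry Point bit, set on key-signing keys (flags 257)

# Constructed sample: placeholder zone name and key material, not real keys.
SAMPLE = """\
; constructed sample, not real key material
tld. 3600 IN DNSKEY 256 3 5 AwEAAbNvbnN0cnVj dGVkWlNLa2V5
tld. 3600 IN DNSKEY 257 3 5 AwEAAcNvbnN0cnVj dGVkS1NLa2V5
tld. 3600 IN RRSIG DNSKEY 5 1 3600 20091122000000 20091023000000 12345 tld. c2lnbmF0dXJl
"""


def parse_dnskeys(text):
    """Return (owner, flags, protocol, algorithm, key) for each DNSKEY line."""
    keys = []
    for line in text.splitlines():
        f = line.split()
        # Skip comments, short lines, and other record types such as RRSIG.
        if len(f) < 8 or f[0].startswith(";") or f[3].upper() != "DNSKEY":
            continue
        key = "".join(f[7:])  # dig prints the key in space-separated chunks
        try:
            base64.b64decode(key, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"DNSKEY for {f[0]} is not valid base64") from exc
        keys.append((f[0], int(f[4]), int(f[5]), int(f[6]), key))
    return keys


def trusted_keys_stanza(text, sep_only=True):
    """Format the keys as a trusted-keys statement for named.conf."""
    entries = []
    for owner, flags, proto, alg, key in parse_dnskeys(text):
        if not flags & ZONE_FLAG:
            continue  # not a zone key, cannot serve as a trust anchor
        if sep_only and not flags & SEP_FLAG:
            continue  # zone-signing keys roll more often; anchor on the KSK
        entries.append(f'    "{owner}" {flags} {proto} {alg} "{key}";')
    if not entries:
        raise ValueError("no usable DNSKEY found (zone signed with one key? "
                         "try sep_only=False)")
    return "trusted-keys {\n" + "\n".join(entries) + "\n};"


if __name__ == "__main__":
    print(trusted_keys_stanza(SAMPLE))
```

The owner name in the statement must match the signed zone exactly, and the key should be checked against the copy on the signing server before it is trusted.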