Behavior of delegation records for dnssec

[rams]

Hi,

I have delegation of NS records in my zone and i signed zone using RSASHA1
algorithm. It is signed successfully. When I checked the the zone i am not
seeing RRSIG for delegated NS records. When I query for delegated NS record
with dnssec, it is returning NS records, NSEC and RRSIG for NSEC and also
glue records returned in additional section with out any RRSIG. Dig results
are given below.

; <<>> DiG 9.6.1-P3 <<>> @localhost srs.net.nu.moon. A +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40245
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;srs.net.nu.moon.               IN      A

;; AUTHORITY SECTION:
srs.net.nu.moon.        86400   IN      NS      ns1.dns.net.nu.moon.
srs.net.nu.moon.        86400   IN      NS      ns2.dns.net.nu.moon.
srs.net.nu.moon.        86400   IN      NS      ns3.dns.net.nu.moon.
srs.net.nu.moon.        86400   IN      NSEC    net.nu.moon. NS RRSIG NSEC
srs.net.nu.moon.        86400   IN      RRSIG   NSEC 5 4 86400
20100521075518 20100421075518 57966 net.nu.moon.
DxLpXxvkOsLVruDKp1K/K7FUPpxlxI/awCOtggM6m6T/d26iGwDJ1wqW
5PTQ6baNCgUTUbiydNEpHmKR7Z1bqQ==

;; ADDITIONAL SECTION:
ns1.dns.net.nu.moon.    86400   IN      A       202.46.190.130
ns1.dns.net.nu.moon.    86400   IN      AAAA    2001:dce:2000:2::130
ns2.dns.net.nu.moon.    86400   IN      A       202.46.191.130

Why i am not getting RRSIG for NS records and also RRSIG for additional
section records. Is there any configuration required for glue records and
delegated records . Please clarify me on this.

Thanks,
Ramesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100511/4bd31ca9/attachment.html>