Behavior of delegation records for dnssec
rams
bramesh80 at gmail.com
Tue May 11 04:40:44 UTC 2010
Hi,
I have delegation of NS records in my zone and i signed zone using RSASHA1
algorithm. It is signed successfully. When I checked the the zone i am not
seeing RRSIG for delegated NS records. When I query for delegated NS record
with dnssec, it is returning NS records, NSEC and RRSIG for NSEC and also
glue records returned in additional section with out any RRSIG. Dig results
are given below.
; <<>> DiG 9.6.1-P3 <<>> @localhost srs.net.nu.moon. A +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40245
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 6
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;srs.net.nu.moon. IN A
;; AUTHORITY SECTION:
srs.net.nu.moon. 86400 IN NS ns1.dns.net.nu.moon.
srs.net.nu.moon. 86400 IN NS ns2.dns.net.nu.moon.
srs.net.nu.moon. 86400 IN NS ns3.dns.net.nu.moon.
srs.net.nu.moon. 86400 IN NSEC net.nu.moon. NS RRSIG NSEC
srs.net.nu.moon. 86400 IN RRSIG NSEC 5 4 86400
20100521075518 20100421075518 57966 net.nu.moon.
DxLpXxvkOsLVruDKp1K/K7FUPpxlxI/awCOtggM6m6T/d26iGwDJ1wqW
5PTQ6baNCgUTUbiydNEpHmKR7Z1bqQ==
;; ADDITIONAL SECTION:
ns1.dns.net.nu.moon. 86400 IN A 202.46.190.130
ns1.dns.net.nu.moon. 86400 IN AAAA 2001:dce:2000:2::130
ns2.dns.net.nu.moon. 86400 IN A 202.46.191.130
Why i am not getting RRSIG for NS records and also RRSIG for additional
section records. Is there any configuration required for glue records and
delegated records . Please clarify me on this.
Thanks,
Ramesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100511/4bd31ca9/attachment.html>
More information about the bind-users
mailing list