dnssec dlv
Mark Andrews
marka at isc.org
Fri May 21 01:45:49 UTC 2010
In message <AANLkTikyZnh9_CGPb2EFYE_-yuU4N3bs75Fwzp-jZQRz at mail.gmail.com>, itse
rvices88 writes:
> Hi,
>
> Whenever i enable:
>
> dnssec-lookaside "." trust-anchor "DLV.ISC.ORG";
>
> in the named.conf, restart bind, the dns resolution stops. One the same FC12
> machine, dig using an outside dns server has no issues resolving with
> +dnssec option. I am using bind 9.6.2 that came with FC12.
>
> Any thoughts ?
>
> -dani
Have you added the trusted-keys clause for dlv.isc.org?
trusted-keys {
dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh";
};
Does "dig +cd +dnssec dlv.isc.org dnskey" return RRSIGS.
e.g.
; <<>> DiG 9.3.6-P1 <<>> +cd +dnssec dlv.isc.org dnskey
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
;; flags: qr rd ra ad cd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;dlv.isc.org. IN DNSKEY
;; ANSWER SECTION:
dlv.isc.org. 2077 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7 GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9S BdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBF tCibp/mkhw==
dlv.isc.org. 2077 IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh
dlv.isc.org. 2077 IN RRSIG DNSKEY 5 3 7200 20100619164502 20100520164502 19297 dlv.isc.org. OKURcBkX5iiDC1q87HsSs2xDcDrMm5aPAlYHkPqkHCy7UyTOnCr6cwwN W42mdG4nmpURR4aDGiPlfc1lomE5kA5wOcXASgfMO8eQoOOIyZcBngOb WaE0KY+e/xU37kf7Ms7g6UxTnL+hcjbYgZf2rwN7J1RXf0Z5PfyyASXi ybf3iYGs7GusXgLZ0ZEWQh0zglo2ym56CVt2TbIljJFB0lzAvezos36R SWAYfLLsfGp3v9WfG7e3D8nLvbq5D7+K3IciELr73TVly924uwfAQeEa df40dVR6qyQ++/HWaGr1wOIGLQBRzTX8gKK9RlmcHHcIZo0EFPJo0mf7 Abqpxw==
dlv.isc.org. 2077 IN RRSIG DNSKEY 5 3 7200 20100619164502 20100520164502 64263 dlv.isc.org. LZd6TanU48C2BNKZhuj4vMyquNE9mnbUmk9Zy+NbIKPmJ+h2uLq2EonO GfUkxku7ZPky9DnJ3O05gwcEbVrFDjqtK+hcweu7x+wu0OaXJNsVRJ69 wQpQEkVNgoPNYsHQ6ru65ZwmOm8yRvr/1lXhbJId6j0Y2QZVXvCzVGuA 58Q=
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 21 11:45:00 2010
;; MSG SIZE rcvd: 936
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list