Dig +topdown
Daniel McDonald
dan.mcdonald at austinenergy.com
Fri Jul 1 16:09:48 UTC 2011
I set up a zone with dnssec, and wanted to verify that it was working
properly. But I appear to have trouble with the root KSK.
$ dig +dnssec danmcdonald.us +topdown
;; No trusted key, +sigchase option is disabled
; <<>> DiG 9.7.3-P1 <<>> +dnssec danmcdonald.us +topdown
I appear to have the managed-keys-zone loading properly:
In named.conf, I have the managed-keys stanza with the initial key. Named
loaded the managed-keys-zone file and loads the zone at startup:
01-Jul-2011 08:40:54.738 general: info: managed-keys-zone ./IN: loaded serial 2
[named]$ cat managed-keys.bind
$ORIGIN .
$TTL 0 ; 0 seconds
@ IN SOA . . (
2 ; serial
[...]
I have the dnssec flags enabled in the options{} stanza:
dnssec-enable yes;
dnssec-validation yes;
It appears that sigchase is enabled in named:
[named]$ /usr/sbin/named -V
BIND 9.7.3-P1 built with 'x86_64-mandriva-linux-gnu' '--program-prefix='
'--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/lib64'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--x-includes=/usr/include'
'--x-libraries=/usr/lib64' '--localstatedir=/var'
'--disable-openssl-version-check' '--enable-threads' '--enable-largefile'
'--enable-ipv6' '--enable-filter-aaaa' '--enable-epoll'
'--with-openssl=/usr' '--with-gssapi=/usr' '--disable-isc-spnego'
'--with-randomdev=/dev/urandom' '--with-libxml2=yes'
'--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-bdb=no'
'--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-odbc=no'
'--with-dlz-stub=yes' 'build_alias=x86_64-mandriva-linux-gnu'
'host_alias=x86_64-mandriva-linux-gnu'
'target_alias=x86_64-mandriva-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wformat
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector
--param=ssp-buffer-size=4 -fstack-protector-all -DLDAP_DEPRECATED' 'LDFLAGS=
-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-O1 -Wl,--build-id
-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-O1 -Wl,--build-id
-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-O1 -Wl,--build-id
-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-O1 -Wl,--build-id'
'CPPFLAGS= -DDIG_SIGCHASE'
Any advice as to what I might be doing wrong?
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281