DNSSEC SERVFAIL when parent zone has no DS record
Tony Finch
dot at dotat.at
Wed Oct 5 12:54:43 UTC 2011
Sergio Charpinel Jr. <sergiocharpinel at gmail.com> wrote:
>
> After suplying DS and the respective NS record for subdomain in the
> parent zone (domain.com), it works.
That sounds like you had no delegation RRs in the parent zone. In that
case the parent zone will contain a secure denial of existence of the
child zone. If you have delegation NS RRs but no DS RRs, this is an
insecure delegation in which the parent says the child zone exists but is
not signed (at least not in a way that the parent can authenticate).
> How can I provide more data for diagnose??
Provide real zone names and name server IP addresses.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Rockall, Malin: West 6 to gale 8, increasing severe gale 9, perhaps storm 10
later. Very rough becoming high. Squally showers. Good, occasionally poor.
More information about the bind-users
mailing list