DNSSEC not populating parent zone files with DS records
Raymond Drew Walker
Ray.Walker at nau.edu
Fri Sep 30 22:26:34 UTC 2011
In our initial implementation of DNSSEC, we chose to try out the "auto"
functionalities in version 9.8.0 P4, i.e. using "auto-dnssec maintain" in
all master zones.
When going live, we found that though all zones that we are acting as
master for would populate their own DS records, there would be no
population of a child zone's DS record in the corresponding parent master
zone file.
This means that upon go-live, any DNSSEC validation of our child zones
(X.nau.edu, Y.X.nau.edu etc.) would fail, though our root master zone
(nau.edu) would validate fine.
We have since backed out DNSSEC until we can get a resolution of the issue.
After much research, I'm not sure why this is happening... Any suggestions
or ideas?
Raymond Walker
Software Systems Engineer Sr.
ITS Northern Arizona University
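
A pre-go-live check for the condition described in the message above, added here as an example and not part of the original post: it scans a parent zone file and lists delegations (NS below the apex) that have no DS record. The zone content, the names under `example.edu.` and the function names are constructed for illustration; a missing DS only matters for children that are actually signed.

```python
# Added example. The zone content below is constructed, not from the post.
SAMPLE_PARENT_ZONE = """\
$ORIGIN example.edu.
$TTL 3600
@         IN SOA ns1 hostmaster 1 7200 900 1209600 3600
          IN NS  ns1
ns1       IN A   192.0.2.1
signed    IN NS  ns1.signed
signed    IN DS  12345 8 2 0123ABCD ; constructed placeholder digest
unsigned  IN NS  ns1.unsigned
lab  3600 IN NS  ns1.lab
"""

CLASSES = {"IN", "CH", "HS"}

def absolute(name, origin):
    """Expand '@' and relative owner names against the current $ORIGIN."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def delegations_missing_ds(zone_text, origin=""):
    """Return delegated child names (NS below the apex) with no DS record.
    Assumes one record per line and numeric TTLs (no parenthesised records)."""
    ns_owners, ds_owners, apex, owner = set(), set(), None, None
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenise
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):
            continue  # $TTL, $INCLUDE etc. are not needed for this check
        if raw[0].isspace():
            rest = fields                       # blank owner: inherit previous
        else:
            owner, rest = absolute(fields[0], origin), fields[1:]
        # The record type is the first token that is neither a TTL nor a class.
        rtype = next((f.upper() for f in rest
                      if not f.isdigit() and f.upper() not in CLASSES), None)
        if rtype == "SOA":
            apex = owner                        # NS at the apex is not a delegation
        elif rtype == "NS":
            ns_owners.add(owner)
        elif rtype == "DS":
            ds_owners.add(owner)
    return sorted(ns_owners - ds_owners - {apex})
```

On the constructed sample, `delegations_missing_ds(SAMPLE_PARENT_ZONE)` reports `lab.example.edu.` and `unsigned.example.edu.` and skips `signed.example.edu.`, which has a DS record.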