DLV dnssec setup
Wolfgang Rosenauer
wrosenauer at gmail.com
Fri Jul 11 06:27:52 UTC 2014
On Fri, Jul 11, 2014 at 1:32 AM, Mark Andrews <marka at isc.org> wrote:
>
> Then all of the following should succeed. Please let the
> list know how you go.
>
> dig soa . @198.41.0.4 +norec
> dig soa . @198.41.0.4 +dnssec +norec
> dig dnskey . @198.41.0.4 +dnssec +norec
> dig ds com @198.41.0.4 +dnssec +norec
> dig com @198.41.0.4 +dnssec +norec
>
> dig soa . @198.41.0.4 +tcp +norec
> dig soa . @198.41.0.4 +dnssec +tcp +norec
> dig dnskey . @198.41.0.4 +dnssec +tcp +norec
> dig ds com @198.41.0.4 +dnssec +tcp +norec
> dig com @198.41.0.4 +dnssec +tcp +norec
>
> dig dnskey org +dnssec @199.19.56.1 +ignore +norec
> dig dnskey org +dnssec @199.19.56.1 +tcp +norec
All but one request succeeded:
s15418965:~ # dig dnskey org +dnssec @199.19.56.1 +ignore +norec
; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> dnskey org +dnssec @199.19.56.1
+ignore +norec
;; global options: +cmd
;; connection timed out; no servers could be reached
I've captured with tcpdump (filter on port 53) and there were 3
queries but no single reply packet.
IP is reachable though.
s15418965:~ # ping 199.19.56.1
PING 199.19.56.1 (199.19.56.1) 56(84) bytes of data.
64 bytes from 199.19.56.1: icmp_seq=1 ttl=55 time=130 ms
Wolfgang
More information about the bind-users
mailing list