DNSSEC Question

Bob McDonald bmcdonaldjr at gmail.com
Wed Apr 11 13:32:53 UTC 2018


Consider the following example:

Server A
DNSSEC=yes
DNSSEC-validation=yes
Valid trust anchor for the root zone
DNSSEC validation seems to work correctly
Zone one.com. is set up as a forward zone to server B

Server B
DNSSEC=no
DNSSEC-validation=N/A
authoritative and the master for one.com.

When server A has DNSSEC turned on, requests for resolution of hosts in
zone one.com. get a SERVFAIL response (DNSSEC Signature issues).

When server A has DNSSEC turned off, requests for resolution of hosts in
zone one.com. succeed.

While I can fix the errors by turning DNSSEC off on server A, I'd like to
enable DNSSEC validation at some point in the not too distant future. Both
servers are running BIND 9.10. Am I missing something?

Regards,

Bob