DNSSEC validation option in BIND 9.10
Tom Yard
tomyyard at gmail.com
Fri Oct 5 19:36:52 UTC 2018
Hi people, I have two BIND 9.10.3 servers with DNSSEC validation enabled,
one in one client and the other in another client.
Both BIND have the same configuration lines relative to DNSSEC validation:
dnssec-validation auto;
dnssec-enable yes;
and both has the current and future key in bind.keys.
But I have a problem: in one of these BIND servers, when I execute certains
manual query, for example:
dig www.pami.org.ar
dig www.anses.gob.ar
I get:
Host www.pami.org.ar not found: 2(SERVFAIL)
Host www.anses.gob.ar not found: 2(SERVFAIL)
But if I change the line:
dnssec-validation auto;
for this:
dnssec-validation yes;
the DNS queries are succesful. But if I maintain the line
"dnssec-validation yes;" then the DNSSEC validation desn't work anymore.
Can you explain me reason for this behaviour? I want to have DNSEC
validation, but if I put "dnssec-validation auto;" the DNSSEV validation
works OK but I have resolution problems with certain domains.
Thanks a lot, bye.
Tomy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20181005/3a5c5a20/attachment.html>
More information about the bind-users
mailing list