dnssec-validation?

David Carvalho david at di.ubi.pt
Wed Apr 12 16:41:33 UTC 2023


 

Hello, again.

Guys, sorry once again, but my DNSSEC implementation didn't work out.

Using 9.16.23 (I have that problem of keys being regenerated every restart,
but I'll learn to sign the zone later using the original key. Bug solved in
version 9.16.30).

After providing my DNSKEY record to the parent domain, the test performed by
dnssec-analyzer showed everything OK; nevertheless, all queries except those
about my.domain were rejected with SERVFAIL.

dig @my.server or dig @localhost

My secondary DNS server held everything while testing, and I noticed I had
dnssec-validation auto; on it.

After reverting my primary DNS configuration, and asking my provider to
remove the DNSKEY, I had to include dnssec-validation no; otherwise it would
keep answering with SERVFAIL.

I noticed the server was constantly trying to reach top domain DNS servers.

Is this dnssec-validation mandatory? Any help appreciated.

Regards

David
