Hi, I have delegation of NS records in my zone and i signed zone using RSASHA1 algorithm. It is signed successfully. When I checked the the zone i am not seeing RRSIG for delegated NS records. When I query for delegated NS record with dnssec, it is returning NS records, NSEC and RRSIG for NSEC and also glue records returned in additional section with out any RRSIG. Dig results are given below.
; <<>> DiG 9.6.1-P3 <<>> @localhost srs.net.nu.moon. A +dnssec ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40245 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 6 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;srs.net.nu.moon. IN A ;; AUTHORITY SECTION: srs.net.nu.moon. 86400 IN NS ns1.dns.net.nu.moon. srs.net.nu.moon. 86400 IN NS ns2.dns.net.nu.moon. srs.net.nu.moon. 86400 IN NS ns3.dns.net.nu.moon. srs.net.nu.moon. 86400 IN NSEC net.nu.moon. NS RRSIG NSEC srs.net.nu.moon. 86400 IN RRSIG NSEC 5 4 86400 20100521075518 20100421075518 57966 net.nu.moon. DxLpXxvkOsLVruDKp1K/K7FUPpxlxI/awCOtggM6m6T/d26iGwDJ1wqW 5PTQ6baNCgUTUbiydNEpHmKR7Z1bqQ== ;; ADDITIONAL SECTION: ns1.dns.net.nu.moon. 86400 IN A 202.46.190.130 ns1.dns.net.nu.moon. 86400 IN AAAA 2001:dce:2000:2::130 ns2.dns.net.nu.moon. 86400 IN A 202.46.191.130 Why i am not getting RRSIG for NS records and also RRSIG for additional section records. Is there any configuration required for glue records and delegated records . Please clarify me on this. Thanks, Ramesh
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
