On 02/27/2013 08:34 PM, Mark Andrews wrote:
In message <512e31ca.5030...@htt-consult.com>, Robert Moskowitz writes:
For various testing reasons, I have been running a tld here of htt. It
has worked of old and continues to work on my new 9.8.2 Centos servers.
Problem came up from a namecaching server that 'forwards only' to my
internal server.  It cannot resolve any hosts in this tld and on the
server forwarded to I see:
Well one really shouldn't be creating one's own tlds.  That said
sign the zone and add a trust anchor (managed-keys/trusted-keys)
for it.  The validator won't ask the root zone for the DS records
from the zone once you do that.

So I get to dive into zone signing slightly before I wanted to. Well time to get my feet wet!

Anything from 9.3.0 onwards can sign modern ones.  If you want NSEC3
then 9.6.0 onwards.

The 9.6.2 server has a bunch of cruft on it that makes it hard to muck with. It is scheduled for replacement as well, but it is last on the list. Maybe just signing the tld will 'fix' this for now.


Feb 27 11:16:14 rigel named[9294]: error (chase DS servers) resolving
'htt-consult.com/DS/IN': 208.83.67.188#53
Something not fully dnssec aware in the resolution path?

Probably.  NetSol is my registry...

Time to unlock it and move it.
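
The trust-anchor step suggested above for the private htt zone, as an added example that is not part of the original thread and not ISC code: a Python helper that reads the KSK line from a dnssec-keygen .key file and emits the matching managed-keys or trusted-keys stanza for the validating server's named.conf. The key bytes are constructed placeholders, the function names are hypothetical, and refusing non-SEP keys is a choice made for this example.

```python
import base64

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += (b << 8) if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskey(line: str) -> dict:
    """Parse 'owner [ttl] [IN] DNSKEY flags proto alg base64...'."""
    fields = line.split(";", 1)[0].split()      # drop trailing comment
    idx = fields.index("DNSKEY")                # ValueError if absent
    owner = fields[0]
    flags, proto, alg = (int(x) for x in fields[idx + 1:idx + 4])
    key_b64 = "".join(fields[idx + 4:])         # key may be split by spaces
    key = base64.b64decode(key_b64, validate=True)
    if not owner.endswith("."):
        raise ValueError("owner must be fully qualified, e.g. 'htt.'")
    if proto != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    if not flags & 0x0001:
        # Example policy: anchor only on the KSK (SEP bit set, flags 257),
        # so routine ZSK rollovers do not invalidate the anchor.
        raise ValueError("flags %d: not a KSK" % flags)
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + key
    return {"owner": owner, "flags": flags, "proto": proto, "alg": alg,
            "key": key_b64, "tag": key_tag(rdata)}

def anchor_stanza(k: dict, managed: bool = True) -> str:
    """Render a named.conf trust anchor for the parsed key."""
    block = "managed-keys" if managed else "trusted-keys"
    init = " initial-key" if managed else ""
    return '%s {\n    "%s"%s %d %d %d "%s";  // key tag %d\n};' % (
        block, k["owner"], init, k["flags"], k["proto"], k["alg"],
        k["key"], k["tag"])

# Constructed sample: placeholder bytes, not a real key.
SAMPLE_KEY = ("htt. 3600 IN DNSKEY 257 3 8 "
              + base64.b64encode(bytes(range(64))).decode())

if __name__ == "__main__":
    print(anchor_stanza(parse_dnskey(SAMPLE_KEY)))
```

The printed key tag should match the number in the K*.key file name and the keyid that named logs for the zone, which is a quick check that the right key was installed on the forwarding server.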

