On 19-02-2025 11:44, Mark Andrews wrote:
The posix boxes are validating the responses and your zone is not properly
delegated/signed so DNSSEC validation fails.
Is there a way to overcome this?
They are not delegated, since they are not public.
- Or am I missing something?
But explains why external queries works....
What does the following return?
dig +cd +dnssec mail.jungersen.dk
I assume I should use the failing bind, so I ran:
dig +cd +dnssec mail.jungersen.dk @127.0.0.1
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> +cd +dnssec mail.jungersen.dk
@127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48939
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
; COOKIE: 52f0a7e82a12fe100100000067b5b70dfe529ce9754d3aa8 (good)
;; QUESTION SECTION:
;mail.jungersen.dk. IN A
;; ANSWER SECTION:
mail.jungersen.dk. 372094 IN A 192.168.20.9
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Feb 19 11:48:45 CET 2025
;; MSG SIZE rcvd: 90
BR
Danjel
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
