On 10/5/2011 5:21 AM, Sergio Charpinel Jr. wrote:
> After suplying DS and the respective NS record for subdomain in the
> parent zone (domain.com), it works. If I disable dnssec in my
> recursive server, it also works.
> So, if a zone is not signed properly (or doesnt have DS records) the
> query
Sergio Charpinel Jr. wrote:
>
> After suplying DS and the respective NS record for subdomain in the
> parent zone (domain.com), it works.
That sounds like you had no delegation RRs in the parent zone. In that
case the parent zone will contain a secure denial of existence of the
child zone. If you
o
Cc: bind-users@lists.isc.org
Subject: Re: DNSSEC SERVFAIL when parent zone has no DS record
Marc,
After suplying DS and the respective NS record for subdomain in the
parent zone (domain.com), it works. If I disable dnssec in my
recursive server, it also works.
So, if a zone is not signed properly
Marc,
After suplying DS and the respective NS record for subdomain in the
parent zone (domain.com), it works. If I disable dnssec in my
recursive server, it also works.
So, if a zone is not signed properly (or doesnt have DS records) the
query will fail? Isn't it better to query those misconfigur
Hello,
You do not provide sufficient data for diagnose !
But it seems to me that bind is not complaining about the DS of
subdomain.domain.com.
but rather about a
"missing RRSIG for a NSEC when fetching DS of domain.com."
Admittingly, logmessages could be somewhat more userfriendly,
but I'd check
5 matches
Mail list logo
