On 09/06/2011 01:54 AM, Mark Andrews wrote:
> In message <1315237316.31288.2.ca...@ns.five-ten-sg.com>, Carl Byington
> writes:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>>
>>> "dnssec-lookaside auto;" only pulls the "dlv.isc.org" key out of
>>> that file. The root's key is just for
In message <1315237316.31288.2.ca...@ns.five-ten-sg.com>, Carl Byington writes:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> > "dnssec-lookaside auto;" only pulls the "dlv.isc.org" key out of
> > that file. The root's key is just for reference in BIND 9.7.x. If
> > you just include
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> "dnssec-lookaside auto;" only pulls the "dlv.isc.org" key out of
> that file. The root's key is just for reference in BIND 9.7.x. If
> you just include that file into named.conf it will load the root's
> key and org's answers will validate.
> e.g
In message <1315192045.25202.21.ca...@ns.five-ten-sg.com>, Carl Byington writes
:
> > /etc/named.isc.keys contains:
>
> > Is that file included in named.conf?
> > What dnssec settings do you have in named.conf?
>
> dnssec-enable yes;
> dnssec-validation yes;
> dnssec-lookaside auto;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> /etc/named.isc.keys contains:
> Is that file included in named.conf?
> What dnssec settings do you have in named.conf?
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/
In message <1315164026.25202.16.ca...@ns.five-ten-sg.com>, Carl Byington writes:
>
> I am trying to build bind 9.7.4 from source on centos6, starting with a
> stock fedora14 source rpm. It seems to be working, but won't validate
> against the root key, but it will against the dlv.isc.org keys.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am trying to build bind 9.7.4 from source on centos6, starting with a
stock fedora14 source rpm. It seems to be working, but won't validate
against the root key, but it will against the dlv.isc.org keys.
dig org ns +dnssec @localhost
;; flags: qr r
7 matches
Mail list logo
