Skip to Content.
Sympa Menu

discuss - [opennic-discuss] DNSSec troubles

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

[opennic-discuss] DNSSec troubles


Chronological Thread 
    < Chronological >      < Thread >
  • From: Justin Vallon <justinvallon AT gmail.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: [opennic-discuss] DNSSec troubles
  • Date: Sat, 29 Jun 2013 13:28:32 -0400
I recently upgraded to bind 9.9.3-P1 (MacPorts), which enables DNSSec by default. One of my servers is 67.212.94.250.

My bind configuration uses "forward only; forwarders { 67.212.94.250; };". But, all queries timeout with security errors in the log.

If I use Google Public DNS (8.8.8.8), or the root servers, bind is happy and responds to queries.

I looked at dig and compared "dig @SERVER +dnssec www.apple.com", but saw no difference in the responses.

On the bind side, I have set "dnssec-validation auto". Everything else is standard.

--
-Justin
JustinVallon AT gmail.com


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Archive powered by MHonArc 2.6.19.

Top of Page