Discuss mailing list

[staticsafe <me AT staticsafe.ca>]

On Sat, Jun 29, 2013 at 01:28:32PM -0400, Justin Vallon wrote:
> I recently upgraded to bind 9.9.3-P1 (MacPorts),  which enables
> DNSSec by default.  One of my servers is 67.212.94.250.
> 
> My bind configuration uses "forward only; forwarders {
> 67.212.94.250; };".  But, all queries timeout with security errors
> in the log.
> 
> If I use Google Public DNS (8.8.8.8), or the root servers, bind is
> happy and responds to queries.
> 
> I looked at dig and compared "dig @SERVER +dnssec www.apple.com",
> but saw no difference in the responses.
> 
> On the bind side, I have set "dnssec-validation auto".  Everything
> else is standard.
> 
> -- 
> -Justin
> JustinVallon AT gmail.com
> 
> 

DNSSEC validation will not work with OpenNIC resolvers.

Disable it with "dnssec-validation no".
-- 
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post.
Please don't CC! I'm subscribed to whatever list I just posted on.