Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] DNSSec troubles

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] DNSSec troubles

Chronological Thread 
  • From: staticsafe <me AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] DNSSec troubles
  • Date: Sat, 29 Jun 2013 13:59:57 -0400

On Sat, Jun 29, 2013 at 01:28:32PM -0400, Justin Vallon wrote:
> I recently upgraded to bind 9.9.3-P1 (MacPorts), which enables
> DNSSec by default. One of my servers is
> My bind configuration uses "forward only; forwarders {
>; };". But, all queries timeout with security errors
> in the log.
> If I use Google Public DNS (, or the root servers, bind is
> happy and responds to queries.
> I looked at dig and compared "dig @SERVER +dnssec",
> but saw no difference in the responses.
> On the bind side, I have set "dnssec-validation auto". Everything
> else is standard.
> --
> -Justin
> JustinVallon AT

DNSSEC validation will not work with OpenNIC resolvers.

Disable it with "dnssec-validation no".
O< ascii ribbon campaign - stop html mail -
Please don't top post.
Please don't CC! I'm subscribed to whatever list I just posted on.

Archive powered by MHonArc 2.6.19.

Top of Page