discuss AT lists.opennicproject.org
Subject: Discuss mailing list
- From: Famicoman <famicoman AT gmail.com>
- To: discuss AT lists.opennicproject.org
- Subject: [opennic-discuss] DNSSEC validation forced off?
- Date: Tue, 6 Dec 2016 08:48:55 -0500
Hey all,
Long-time subscriber just setting up my first tier 2 server using bind 9.9.5. I followed the wiki on using the root hints method and found that I had to change dnssec-validation to no instead of the default auto in my named.conf.options file to be able to ping opennic.glue.
If I left it on auto, I would get the following lines in my syslog and ping would report an unknown host:
Dec 6 14:16:11 arsgang named[24432]: validating @0x7f78686561f0: opennic.glue DS: bad cache hit (./DNSKEY)
Dec 6 14:16:11 arsgang named[24432]: error (broken trust chain) resolving 'opennic.glue/A/IN': 188.226.146.136#53
I read in the list archive that DNSSEC is supported now on servers, but I'm under the impression I need to specify some key files, and their generation is a bit over my head. Is this accurate? If anyone more knowledgeable than me can chime in (or if I should even worry about this) I can update the wiki with these steps.
Thanks,
Mike.