discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Famicoman <famicoman AT gmail.com>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] DNSSEC validation forced off?
- Date: Tue, 6 Dec 2016 11:25:29 -0500
Hi Jeff,
I also run debian (jessie) and modified my config to contain your lines in regards to anything dnssec-related. Pasted in, bind appears to be functioning as expected.
Apparantly look-aside validation removes the necessity for manual key management on individual DNS servers by trusting a resolver upstream. Look-aside will apparantly be discontinued at some point, but will keep working for now (https://users.isc.org/~jreed/dnssec-guide/dnssec-guide.html)
On Dec 6, 2016 10:52 AM, "Jeff Taylor" <shdwdrgn AT sourpuss.net> wrote:
I'd be curious what experience others have had with this, or if anyone knows enough about DNSSEC to provide answers as to why this might be happening. In my own case, I run Bind 9.9.5 on debian, and have never seen any such error messages. My config contains these lines...
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
Is there a portion of the KSK or ZSK that is supposed to be made public? I thought the public portions of the keys were contained within the DNSKEY and RRSIG records of the signed root zone?
--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
- [opennic-discuss] DNSSEC validation forced off?, Famicoman, 12/06/2016
- Re: [opennic-discuss] DNSSEC validation forced off?, Jeff Taylor, 12/06/2016
- Re: [opennic-discuss] DNSSEC validation forced off?, Famicoman, 12/06/2016
- Re: [opennic-discuss] DNSSEC validation forced off?, Verax, 12/06/2016
- Re: [opennic-discuss] DNSSEC validation forced off?, Famicoman, 12/06/2016
- Re: [opennic-discuss] DNSSEC validation forced off?, Jeff Taylor, 12/06/2016
Archive powered by MHonArc 2.6.19.