This environment is in a lab.
I have a DNSSEC enabled server with a signed .TLD zone (again, in a lab). I
have a client that can accurately run queries against the signed .TLD zone.
So this works...
DNSSEC Enabled Client => DNSSEC Enabled .TLD
I'm trying to put a recursive BIND 9.6.1-P1 server between .TLD and the client.
DNSSEC Enabled Client => Recursive BIND => DNSSEC Enabled .TLD
I setup the cache file on the recursive BIND to point all root servers to the
DNSSEC Enabled .TLD. I enabled dnssec-enable and dnssec-validation in the
named.conf. I pulled the keys from DNSSEC Enabled .TLD using dig +dnssec com
@test.server.TLD and put them in the named.conf. Yet my recursive DNSSEC 9.6.1
server does not answer DNSSEC queries from the client.
Any hints or clues to how to make the recursive DNSSEC work would be
appreciated. Thanks in advanced.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
