On 24.01.2011 15:54, Paul Wouters wrote: > I meant, if you have a zone example.tld. And tld. is not signed, but > you have a testbed for a signed tld. at IP 1.2.3.4, if static-stub > would allow you to configure a resolving bind to perform DNSSEC on > 1.2.3.4 with a loaded trusted-key. So yes, the "de" (or "ca") testbed > hook.
Yes, it works. No more "DNS format error [...] non-improving referral". See the attached diff to DeNIC's testbed configuration https://www.secure.denic.de/fileadmin/public/events/DNSSEC_testbed/dnssec-testbed-muster-bind.txt Hauke.
--- dnssec-testbed-muster-bind.txt.old 2010-10-01 09:05:49.000000000 +0200
+++ dnssec-testbed-muster-bind.txt 2011-01-24 16:37:06.000000000 +0100
@@ -12,16 +12,15 @@
// ``zone Statement Definition and Usage''
zone "de" {
- type forward;
+ type static-stub;
// Die Reihenfolge der beiden Adressen kann beliebig gewaehlt
// werden
- forwarders {
+ server-addresses {
81.91.161.228; // auth-fra.dnssec.denic.de
87.233.175.25; // auth-ams.dnssec.denic.de
// IPv6 nur bei geeigneter Konnektivität aktivieren
// 2A02:568:0:1::53; // auth-fra.dnssec.denic.de
};
- forward first;
};
// WICHTIG: Diese Liste muss regelmaessig gepflegt werden und
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
