In our initial implementation of DNSSEC, we chose to try out the "auto" functionalities in version 9.8.0 P4 ie. using "auto-dnssec maintain" in all master zones.
When going live, we found that though all zones that we are acting as master for would populate their own DS records, but there would be no population of a child zone's DS record in the corresponding parent master zone file. This means upon go-live, any DNSSEC validation of our children zones (X.nau.edu, Y.X.nau.edu etc.) would fail, though our root master zone (nau.edu) would validate fine. We have since backed out DNSSEC until we can get a resolution of the issue. After much research, I'm not sure why this is happening... Any suggestions or ideas? Raymond Walker Software Systems Engineer Sr. ITS Northern Arizona University _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
