On 4/18/12 10:33 AM, Spain, Dr. Jeffry A. wrote:

> Your post is somewhat unclear to me. Querying from my bind 9.9.0 recursive 
> resolver "dig @localhost raindrop.us +dnssec", I get an AD flag returned, 
> suggesting that dnssec is working for raindrop.us. In your query "dig +dnssec 
> +sigchase soa raindrop.us", is the resolver dnssec-enabled? I assume this 
> would be one of the resolvers listed in your resolv.conf file. It appears 
> that ns6.peak.org is not a recursive resolver. Does it have a zone file for 
> raindrop.us?

That's somewhat reassuring in that at least the authoritative server
seems to be working, meaning it's my resolver that isn't.

Sorry about the clarity - I am working with two machines, each running
bind 9.9.0: ns6.peak.org is the test authoritative server which is
serving the test domain, raindrop.us.  I'm using another machine as a
dnssec-enabled resolver to do the testing from, with this named.conf:


include "/var/named/rdrop.blocks";
include "/var/named/peak.blocks";

options {
        directory "/var/named";
        pid-file "/var/run/named/pid";

        listen-on { 127.0.0.1; };
        listen-on-v6 { ::1; };

        allow-query {
                127.0.0.1;
                ::1;
                rdrop_blocks;
                peak_blocks;
        };
        allow-recursion {
                127.0.0.1;
                ::1;
                rdrop_blocks;
                peak_blocks;
        };
        allow-transfer { none; };

        dnssec-enable yes;
        dnssec-validation yes;
        masterfile-format text;

        query-source address 127.0.0.1 port *;
        version "named";
};

managed-keys {
   "." initial-key 257 3 8
"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0= ";
};

zone "." {
  type hint;
  file "named.root";
};

zone "0.0.127.in-addr.arpa" {
  type master;
  file "master/localhost-reverse.db";
};
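
The flag reasoning in the quoted question (AD set by a validating resolver, no recursion offered by an authoritative-only server), written out as an added example that is not part of the original message. The dig header samples are constructed, not captured from the servers in this thread, and the function names are hypothetical.

```python
import re

# Constructed dig header lines (assumed samples, not real captures).
VALIDATING = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
"""
AUTHORITATIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available
"""
SERVFAIL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
UNVALIDATED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4245
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""

def parse_header(dig_output):
    """Return (status, set of header flags) from dig's text output."""
    status = re.search(r"status: (\w+)", dig_output)
    flags = re.search(r"^;; flags:([^;]*);", dig_output, re.M)
    if not status or not flags:
        raise ValueError("no dig header found")
    return status.group(1), set(flags.group(1).split())

def classify(dig_output):
    """Say what a 'dig +dnssec' response header tells us about validation."""
    status, flags = parse_header(dig_output)
    if "ra" not in flags:
        # Server offers no recursion, so it does not validate on our behalf;
        # 'aa' means it answered from its own zone data.
        return "authoritative-only" if "aa" in flags else "no-recursion"
    if status == "SERVFAIL":
        # A validating resolver answers SERVFAIL for data that fails
        # validation; SERVFAIL has other causes too, so recheck with +cd.
        return "servfail"
    if status == "NOERROR" and "ad" in flags:
        return "validated"       # resolver vouches for the answer (AD set)
    return "not-validated"       # answer returned, but no AD flag

if __name__ == "__main__":
    for name in ("VALIDATING", "AUTHORITATIVE", "SERVFAIL", "UNVALIDATED"):
        print(name, "->", classify(globals()[name]))
```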
