On 4/18/12 10:33 AM, Spain, Dr. Jeffry A. wrote: > Your post is somewhat unclear to me. Querying from my bind 9.9.0 recursive > resolver "dig @localhost raindrop.us +dnssec", I get an AD flag returned, > suggesting that dnssec is working for raindrop.us. In your query "dig +dnssec > +sigchase soa raindrop.us", is the resolver dnssec-enabled? I assume this > would be one of the resolvers listed in your resolv.conf file. It appears > that ns6.peak.org is not a recursive resolver. Does it have a zone file for > raindrop.us?
That's somewhat reassuring in that at least the authoritative server seems to be working, meaning it's my resolver that isn't. Sorry about the clarity - I am working with two machines, each running bind 9.9.0: ns6.peak.org is the test authoritative server which is serving the test domain, raindrop.us. I'm using another machine as a dnssec enabled resolver to do the testing from with this named.conf: include "/var/named/rdrop.blocks"; include "/var/named/peak.blocks"; options { directory "/var/named"; pid-file "/var/run/named/pid"; listen-on { 127.0.0.1; }; listen-on-v6 { ::1; }; allow-query { 127.0.0.1; ::1; rdrop_blocks; peak_blocks; }; allow-recursion { 127.0.0.1; ::1; rdrop_blocks; peak_blocks; }; allow-transfer { none; }; dnssec-enable yes; dnssec-validation yes; masterfile-format text; query-source address 127.0.0.1 port *; version "named"; }; managed-keys { "." initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0= "; }; zone "." { type hint; file "named.root"; }; zone "0.0.127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; }; _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users