Hi all Bind users, i just have a problem with my zone signing output i made all the steps to obtain a good result.
1. Generated KSK and ZSK 2. Add both of keys at the end of my zone file 3. signing my zone with dnssec-signzone command 4. enable dnssec in named options 5. change the name of my zone in the named by namezone.signed 6. I got the root DNSKEY RR set before with dig command and redirect the outpout in root-dnskey file 7. I turned the DNSKEY into DS RR set also, with dnssec-dsfromkey command. all this steps have been done well but, when i made a dig for testing the result, i can't seen my section answer with RRSIG or ad flag someone know what can i made to solve this problem please. my zone name is *willzik.co.uk* and when i tested my Bind with a sign domain like *ripe.net*, the result is good. *dig +dnssec ripe.net gave *me a good answer dig +dnssec willzik.co.uk return a solution without RRSIG records or ad flag Thanks for your help -- Cordialement. Thierry *SAMEN.*
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users