In message <512e31ca.5030...@htt-consult.com>, Robert Moskowitz writes: > For various testing reasons, I have been running a tld here of htt. It > has worked of old and continues to work on my new 9.8.2 Centos servers. > Problem came up from a namecaching server that 'forwards only' to my > internal server. It cannot resolve any hosts in this tld and on the > server forwarded to I see:
Well one really shouldn't be creating one's own tlds. That said sign the zone and add a trust anchor (managed-keys/trusted-keys) for it. The validator won't ask the root zone for the DS records from the zone once you do that. Anything from 9.3.0 onwards can sign modern ones. If you want NSEC3 the 9.6.0 onwards. > Feb 27 11:16:14 rigel named[9294]: error (chase DS servers) resolving > 'htt-consult.com/DS/IN': 208.83.67.188#53 Something not fully dnssec aware in the resolution path? Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users