So, I set up DNSSEC on my authoritative BIND 9.12 server, which was very 
straightforward and works fine:

dig covisp.net +dnssec +short @8.8.8.8
65.121.55.42
A 7 2 86400 20181008122535 20180908122535 17363 covisp.net. 
pkpVdFONJ2dYN+7wQ4pVcQTlWIThY3+mbNdXsE8p5uWiLNvIefVT32JE 
i9itA3Si91/pImofmPnLPbxRbLzWt+dSfbxBoHaoCYK1ZCngw/vy9QlG 
36Um0De5ItCC/GuflXUnBKmEJKx0pQOlvqSnkRSV75yLnAw3NA0BdKnf 
CBJP9QLQH/A1vojRafIER5MNM34lKfJC9QrMDBiUBYzrv3i/2QK3gE7t 
8Y1Zpoemux8Uz/zps1I/pmjVAIixk2ilVOLDXkeS6Ta4ODrWayyuFM8b 
xwkodXsMtFAx5PhkVyHT5zJyScYYzC82aZs7fTmA6F01saabVsxIYAi6 78upgA==

But now, what do I need to do for other DNS servers? Is it enough to simply add

        dnssec-enable yes;
        dnssec-validation yes;
        managed-keys-directory "/usr/local/etc/namedb/working/keys";

? Should it simply validate the key with the primary and go from there? 

I tried this, but trying to do a dig +dnssec on the secondary DNS doesn’t 
return the record, so I think there must be something else.


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
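
Added example, not part of the original post: a small parser for the RRSIG line that dig +dnssec +short printed above, to read off the signing algorithm, key tag and validity window. The field order follows the RRSIG presentation format of RFC 4034; the function names, the algorithm table subset and the placeholder signature are assumptions made for this sketch.

```python
from datetime import datetime, timezone

# Subset of the IANA DNSSEC algorithm numbers, enough for this illustration.
ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256",
              10: "RSASHA512", 13: "ECDSAP256SHA256", 15: "ED25519"}

# RRSIG fields as shown in the post; the base64 signature is replaced by a
# constructed placeholder because it is not needed to read the metadata.
SAMPLE = ("A 7 2 86400 20181008122535 20180908122535 17363 covisp.net. "
          "PLACEHOLDERSIG==")

def _ts(value):
    # dig prints RRSIG times as YYYYMMDDHHmmSS in UTC.
    return datetime.strptime(value, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsig(rdata):
    """Split RRSIG RDATA (presentation format) into named fields."""
    f = rdata.split()
    if len(f) < 9:
        raise ValueError("expected 8 RRSIG fields followed by a signature")
    return {
        "type_covered": f[0],
        "algorithm": int(f[1]),
        "algorithm_name": ALGORITHMS.get(int(f[1]), "unknown"),
        "labels": int(f[2]),
        "original_ttl": int(f[3]),
        "expiration": _ts(f[4]),   # expiration comes before inception
        "inception": _ts(f[5]),
        "key_tag": int(f[6]),
        "signer": f[7],
        "signature_b64": "".join(f[8:]),  # dig wraps the base64 with spaces
    }

def window_status(sig, now):
    """Classify 'now' against the signature validity window."""
    if now < sig["inception"]:
        return "not-yet-valid"
    if now > sig["expiration"]:
        return "expired"
    return "valid"

if __name__ == "__main__":
    sig = parse_rrsig(SAMPLE)
    print(sig["algorithm_name"], sig["key_tag"], sig["signer"])
    print(sig["inception"], "->", sig["expiration"],
          window_status(sig, datetime.now(timezone.utc)))
```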
