HI!
We're currently testing DNSSEC validation with libunbound 1.5.3 with all
the RRs
retrieved through a pdns-recursor (also tested 3.7.2).
It seems that
1. libunbound does not explicitly retrieve the RRSIG RRs and
2. pdns-recursor does not return them when not explicitly request (qtype
ANY).
(Explicitly requesting RRSIG works.)
=> validation in libunbound fails
Did anybody else try such a setup before? Did it work?
Most people doing DNSSEC validation simply use bind9 or unbound for
recursing
and as validating resolver but for now that's likely not an option in
this
infrastructure.
Any hint is appreciated. Thanks in advance.
Ciao, Michael.
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
