Hi, I set up a the recursor (4.0.3) with a separate zone file that I declared authoritative using the auth-zones directive. The zone file contains DNSSEC signatures.
However, when querying the recursor using dig +dnssec, only the requested record types (e.g. A) are returned, but not the RRSIG records (although they can be requested manually). Is this intended? I am aware that there would be complications in narrow NSEC3 mode when non-existent records are queried, but with regular NSEC3, everything needed can be extracted from the zone file itself (it has an NSEC3PARAM record). Best, Peter
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
