Hello Onur,
sharing your named-checkconf -p output would be a good start. bind.keys
should not be required, if your build is recent and it has new key
built-in. Please share also your BIND version.
Difference between auto and yes is, auto includes built-in keys
automatically. With yes, you have to include them yourself.
Try adding:
include "/etc/bind.keys";
to your configuration, if dnssec-validation yes; is used.
Best Regards,
Petr
On 11/12/20 11:18 AM, Onur GURSOY wrote:
> Hello Everyone,
> I have some trouble about bin9 and dnssec
> When i set dnssec-validation to auto.
> My dns server is talking with google dns server (8.8.8.8 and 8.8.4.4)
> and
> when i set to dnssec-validation to yes
> it couldn't talk with google dns server.
> i have realized, there is no pre defined bind.keys.
> I donwload it from this
> https://downloads.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11
> and i added manually but result is the same
> They didn't talk with google dns server.
> So
> where is the difference auto and yes.
> and why default bind.keys file didn't come by default
> Where is the problem.
> If you want i can provide wireshark output.
>
> Many Many Thanks,
> With My Best Regards,
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
OpenPGP_0x4931CA5B6C9FC5CB_and_old_rev.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users