Re: Disabling DNSSEC until...

2013-03-03 Thread Robert Moskowitz


On 03/03/2013 08:10 AM, Robert Moskowitz wrote:
I solve the EDNS problem, probably on my Juniper SSG5.  This will 
initially have to wait until Juniper gets back to me, or I corner some 
of their developers at IETF in a couple weeks.  Alternatively I 
replace the SSG5...


And I change my registry to one that supports DNSSEC.

Commenting all the lines about DNSSEC does not seem to totally stop 
it, as I see the following message after restarting named:


Mar  3 07:48:45 onlo named[7049]: managed-keys-zone ./IN/external: loaded serial 352


And even though rigel and klovia were restarted with all the DNSSEC 
lines commented out, I am still getting the 'no valid RRSIG' messages 
for htt.  I suspect I am dealing with defaults here and will have to 
explicitly state:


dnssec-enable no;
dnssec-validation no;


Still getting the loading of managed-keys-zone, but now I get resolution 
for htt. on the caching server.  I see much testing ahead of me, as 
there is no firewall between rigel and klovia.  This at least will allow 
me to launch klovia as my new mail server as I work out the DNSSEC 
related items.




Anything else I need to do to really turn dnssec off for now?


Still wonder what will stop the managed-keys-zone loading.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
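
An added example, not part of the original posts and not ISC code: a small Python check that reports whether the two options named in the thread are set explicitly in a named.conf text or appear only inside comments, in which case named falls back to its built-in default for them. The function names and both sample configurations are constructed for illustration.

```python
import re

# The two options named in the thread (their default values are not asserted here).
DNSSEC_OPTIONS = ("dnssec-enable", "dnssec-validation")

# named.conf accepts /* ... */, // ... and # ... comments. Quoted strings are
# matched first so that comment markers inside a string are left alone.
_STRING_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)


def strip_comments(conf):
    """Return the configuration text with every comment replaced by a space."""
    def keep_strings(match):
        text = match.group(0)
        return text if text.startswith('"') else " "
    return _STRING_OR_COMMENT.sub(keep_strings, conf)


def audit_dnssec(conf):
    """Map each option to (status, values): explicit, commented-out or absent."""
    active = strip_comments(conf)
    report = {}
    for opt in DNSSEC_OPTIONS:
        stmt = re.compile(r"(?<![\w-])" + re.escape(opt) + r"\s+([\w-]+)\s*;")
        live = stmt.findall(active)   # statements named will actually read
        dead = stmt.findall(conf)     # statements anywhere, comments included
        if live:
            report[opt] = ("explicit", live)
        elif dead:
            report[opt] = ("commented-out", dead)   # built-in default applies
        else:
            report[opt] = ("absent", [])            # built-in default applies
    return report


# Constructed sample: the DNSSEC lines are commented out, as first tried in the thread.
SAMPLE_COMMENTED = """options {
    directory "/var/named";   // constructed path
    # dnssec-enable yes;
    // dnssec-validation yes;
};"""

# Constructed sample: the explicit settings quoted in the thread.
SAMPLE_EXPLICIT = """options {
    dnssec-enable no;
    dnssec-validation no;
};"""

if __name__ == "__main__":
    for name, conf in (("commented", SAMPLE_COMMENTED), ("explicit", SAMPLE_EXPLICIT)):
        print(name, audit_dnssec(conf))
```
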


Disabling DNSSEC until...

2013-03-03 Thread Robert Moskowitz
I solve the EDNS problem, probably on my Juniper SSG5.  This will 
initially have to wait until Juniper gets back to me, or I corner some 
of their developers at IETF in a couple weeks.  Alternatively I replace 
the SSG5...


And I change my registry to one that supports DNSSEC.

Commenting all the lines about DNSSEC does not seem to totally stop it, 
as I see the following message after restarting named:


Mar  3 07:48:45 onlo named[7049]: managed-keys-zone ./IN/external: loaded serial 352


And even though rigel and klovia were restarted with all the DNSSEC lines 
commented out, I am still getting the 'no valid RRSIG' messages for 
htt.  I suspect I am dealing with defaults here and will have to 
explicitly state:


dnssec-enable no;
dnssec-validation no;

Anything else I need to do to really turn dnssec off for now?

