On 2009-12-10 08:49, Niobos wrote:
Thank you very much for your help; I'll forward the conversation to the
bug-tracking list.
Since these are my first DNSSEC experiments, I just wanted to make sure that it
wasn't a problem with my understanding of the concept.
Niobos
This has been
Could you try this lookup?
dig +dnssec removed.dnssec.dest-unreach.be
I see now what you mean.
Even though I have added your DNSKEY as trusted key, I get SERVFAIL on
the first query and NXDOMAIN on the second, without BIND doing any
additional outgoing queries.
This is the same behavior
[I finally gave up on trying to get Thunderbird *not* to wrap long
lines. Prefixing them with seems to be the only way, even if confusing]
Niobos wrote:
dig +dnssec removed.dnssec.dest-unreach.be
Even though I have added your DNSKEY as trusted key, I get SERVFAIL on
the first query and
Niobos wrote:
When requesting a lookup of removed, I get a SERVFAIL as well. However,
every subsequent request for removed gets an NXDOMAIN. (dig outputs below)
Flushing the caches on the RR with rndc flush causes the first request to
be a SERVFAIL again.
I cannot reproduce this behaviour
Niobos wrote:
As soon as I activate DLV (besides the manual SEP I entered), the removed
behaviour changes:
* First lookup still returns SERVFAIL
* Subsequent lookups now return NXDOMAIN with the AD flag *set*! (log
confirms that my domain is not in the DLV and hence is insecure)
That is
Hi all,
I'm having some problems with implementing DNSSEC with NSEC3. I'm fairly new to
DNSSEC, so it is certainly possible that my understanding of the subject is
causing me to miss something. Also, I'm not entirely sure this is the correct
mailing list, more accurate pointers are welcome.
6 matches
Mail list logo
