On Sun, Dec 20 2020, Mark Andrews wrote:
>> On 21 Dec 2020, at 06:04, Matthew Pounsett wrote:
>>
>>
>>
>> On Fri, 18 Dec 2020 at 18:08, Nicolas Bock
>> wrote:
>> Thanks Mark. Am I correct then that I need to either convince the
>> administrator of that DNS to enable DNSSEC or configure my
> On 21 Dec 2020, at 06:04, Matthew Pounsett wrote:
>
>
>
> On Fri, 18 Dec 2020 at 18:08, Nicolas Bock wrote:
> Thanks Mark. Am I correct then that I need to either convince the
> administrator of that DNS to enable DNSSEC or configure my DNS with
> `dnssec-validation = no`?
>
> The upstr
On Fri, 18 Dec 2020 at 18:08, Nicolas Bock
wrote:
> Thanks Mark. Am I correct then that I need to either convince the
> administrator of that DNS to enable DNSSEC or configure my DNS with
> `dnssec-validation = no`?
>
The upstream administrator isn't required to be validating DNSSEC for this
to
Thanks Mark. Am I correct then that I need to either convince the
administrator of that DNS to enable DNSSEC or configure my DNS with
`dnssec-validation = no`?
Thanks,
Nick
On Fri, Dec 18, 2020 at 3:07 PM Mark Andrews wrote:
> Correct it is not validating. Additionally it isn’t even DNSSES aw
Correct it is not validating. Additionally it isn’t even DNSSES aware. It will
need to be updated for you to validate through it.
--
Mark Andrews
> On 19 Dec 2020, at 05:07, Nicolas Bock wrote:
>
> Hi Mark,
>
> Thanks so much for the reply. I ran this command and am
> getting the following
On 18 Dec 2020, at 10:56, Nicolas Bock wrote:
> ;; ANSWER SECTION:
> com. 63779 IN DS 30909 8 2
> E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
> In other words, the forwarder returns a Delegation Signer
> record but not an RRset Signature record. Presumably that
> means that
Hi Mark,
Thanks so much for the reply. I ran this command and am
getting the following:
$ dig +dnssec ds com @10.0.0.3
; <<>> DiG 9.10.6 <<>> +dnssec ds com @10.0.0.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36260
;; flags: qr rd ra; QUERY: 1, AN
DNSSEC requires that forwarders support DNSSEC. Check that the forwarders
return
DNSSEC records when they are queried. The forwarders should also be validating
to
filter spoofed responses from the internet. You should be getting a answer like
this if the forwarders are validating.
[beetle:~]
Hi,
When I configure my named to forward to our corporate DNS
servers (10.0.0.2 and 10.0.0.3), I end up getting error
messages such as
Dec 17 20:58:06 dns-server named[843946]: fetch: www.canonical.com/A
Dec 17 20:58:06 dns-server named[843946]: fetch: com/DS
Dec 17 20:58:06
9 matches
Mail list logo
