Single nameserver doesn't show signed SOA-RRs
Mark Andrews
marka at isc.org
Thu Jun 30 03:43:55 UTC 2011
In message <20110630031511.GN14980 at mail.incertum.net>, Stefan Foerster writes:
> * Mark Andrews <marka at isc.org>:
> > Contact the adminstrator of the server and request that they stop
> > disabling dnssec. "dnssec-enable yes;" is the default for all
> > version except 9.3.x.
>
> Are you sure that 88.198.26.233 has DNSSEC disabled? The admin told me
> he had added "dnssec-enable yes;" to the named.conf file.
But has he reloaded/reconfigured the server?
"dig billigmail.org any @88.198.26.233" shows the server has the
signatures.
"dig billigmail.org soa @88.198.26.233 +dnssec" show that they arn't
being returned when requested and it also shows DO being returned
which means there is nothing stripping out the DO bit on the way
to the server or on the way back.
> Cheers
> Stefan
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list