Single nameserver doesn't show signed SOA-RRs
cite at incertum.net
Thu Jun 30 18:55:22 UTC 2011
* Mark Andrews <marka at isc.org>:
> In message <20110630031511.GN14980 at mail.incertum.net>, Stefan Foerster writes:
> > * Mark Andrews <marka at isc.org>:
> > > Contact the adminstrator of the server and request that they stop
> > > disabling dnssec. "dnssec-enable yes;" is the default for all
> > > version except 9.3.x.
> > Are you sure that 184.108.40.206 has DNSSEC disabled? The admin told me
> > he had added "dnssec-enable yes;" to the named.conf file.
> But has he reloaded/reconfigured the server?
> "dig billigmail.org any @220.127.116.11" shows the server has the
> "dig billigmail.org soa @18.104.22.168 +dnssec" show that they arn't
> being returned when requested and it also shows DO being returned
> which means there is nothing stripping out the DO bit on the way
> to the server or on the way back.
You were, of course, right. The admin had reconfigured the wrong
nameserver. I apologize for the noise.
More information about the bind-users