Single nameserver doesn't show signed SOA-RRs
Stefan Foerster
cite at incertum.net
Thu Jun 30 18:55:22 UTC 2011
* Mark Andrews <marka at isc.org>:
> In message <20110630031511.GN14980 at mail.incertum.net>, Stefan Foerster writes:
> > * Mark Andrews <marka at isc.org>:
> > > Contact the adminstrator of the server and request that they stop
> > > disabling dnssec. "dnssec-enable yes;" is the default for all
> > > version except 9.3.x.
> >
> > Are you sure that 88.198.26.233 has DNSSEC disabled? The admin told me
> > he had added "dnssec-enable yes;" to the named.conf file.
>
> But has he reloaded/reconfigured the server?
>
> "dig billigmail.org any @88.198.26.233" shows the server has the
> signatures.
>
> "dig billigmail.org soa @88.198.26.233 +dnssec" show that they arn't
> being returned when requested and it also shows DO being returned
> which means there is nothing stripping out the DO bit on the way
> to the server or on the way back.
You were, of course, right. The admin had reconfigured the wrong
nameserver. I apologize for the noise.
Cheers
Stefan
More information about the bind-users
mailing list