Problem with DNSSEC signing zone
William Thierry SAMEN
thierry.samen at gmail.com
Fri Jul 20 09:52:33 UTC 2012
Hi all Bind users,
i just have a problem with my zone signing output i made all the steps to
obtain a good result.
1. Generated KSK and ZSK
2. Add both of keys at the end of my zone file
3. signing my zone with dnssec-signzone command
4. enable dnssec in named options
5. change the name of my zone in the named by namezone.signed
6. I got the root DNSKEY RR set before with dig command and redirect the
outpout in root-dnskey file
7. I turned the DNSKEY into DS RR set also, with dnssec-dsfromkey
all this steps have been done well but, when i made a dig for testing the
result, i can't seen my section answer with RRSIG or ad flag
someone know what can i made to solve this problem please.
my zone name is *willzik.co.uk* and when i tested my Bind with a sign
domain like *ripe.net*, the result is good.
*dig +dnssec ripe.net gave *me a good answer
dig +dnssec willzik.co.uk return a solution without RRSIG records or ad flag
Thanks for your help
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users