Problems with resolving a local tld

Mark Andrews marka at isc.org
Thu Feb 28 01:34:23 UTC 2013


In message <512E31CA.5030001 at htt-consult.com>, Robert Moskowitz writes:
> For various testing reasons, I have been running a tld here of htt. It 
> has worked of old and continues to work on my new 9.8.2 Centos servers.  
> Problem came up from a namecaching server that 'forwards only' to my 
> internal server.  It cannot resolve any hosts in this tld and on the 
> server forwarded to I see:

Well one really shouldn't be creating one's own tlds.  That said
sign the zone and add a trust anchor (managed-keys/trusted-keys)
for it.  The validator won't ask the root zone for the DS records
from the zone once you do that.

Anything from 9.3.0 onwards can sign modern ones.  If you want NSEC3
the 9.6.0 onwards.

> Feb 27 11:16:14 rigel named[9294]: error (chase DS servers) resolving 
> 'htt-consult.com/DS/IN': 208.83.67.188#53

Something not fully dnssec aware in the resolution path?

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list