Problems with resolving a local tld

Robert Moskowitz rgm at htt-consult.com
Thu Feb 28 02:34:51 UTC 2013


On 02/27/2013 08:34 PM, Mark Andrews wrote:
> In message <512E31CA.5030001 at htt-consult.com>, Robert Moskowitz writes:
>> For various testing reasons, I have been running a tld here of htt. It
>> has worked of old and continues to work on my new 9.8.2 CentOS servers.
>> Problem came up from a namecaching server that 'forwards only' to my
>> internal server.  It cannot resolve any hosts in this tld and on the
>> server forwarded to I see:
> Well, one really shouldn't be creating one's own tlds.  That said,
> sign the zone and add a trust anchor (managed-keys/trusted-keys)
> for it.  The validator won't ask the root zone for the DS records
> from the zone once you do that.

So I get to dive into zone signing slightly before I wanted to. Well 
time to get my feet wet!

> Anything from 9.3.0 onwards can sign modern ones.  If you want NSEC3
> then 9.6.0 onwards.

The 9.6.2 server has a bunch of cruft on it that makes it hard to muck 
with.  It is scheduled for replacement as well, but it is last on the 
list.  Maybe just signing the tld will 'fix' this for now.

>
>> Feb 27 11:16:14 rigel named[9294]: error (chase DS servers) resolving
>> 'htt-consult.com/DS/IN': 208.83.67.188#53
> Something not fully dnssec aware in the resolution path?

Probably.  NetSol is my registry...

Time to unlock it and move it.
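
As an added example (not part of the original thread), this shell function turns the key-signing key from a zone's DNSKEY records into the `trusted-keys` stanza that Mark Andrews' advice calls for. The function name and the sample key data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads DNSKEY records (one per line, presentation format, as in
# a dnssec-keygen .key file) on stdin and prints a BIND trusted-keys stanza
# for the key-signing keys only (flags 257). Returns non-zero if none found.
dnskey_to_trust_anchor() {
    awk '
        /^[ \t]*(;|$)/ { next }              # skip comments and blank lines
        {
            # Locate the type field; owner, optional TTL and class precede it.
            t = 0
            for (i = 2; i <= NF; i++) if ($i == "DNSKEY") { t = i; break }
            if (!t || NF < t + 4) next       # not a complete DNSKEY record
            if ($1 !~ /\.$/) next            # relative owner: ambiguous without $ORIGIN
            if ($(t + 1) != 257) next        # keep KSKs (SEP bit set), drop ZSKs
            key = ""
            for (i = t + 4; i <= NF; i++) key = key $i   # rejoin split base64
            out = out sprintf("    \"%s\" %s %s %s \"%s\";\n", $1, $(t + 1), $(t + 2), $(t + 3), key)
        }
        END {
            if (out == "") exit 1
            printf "trusted-keys {\n%s};\n", out
        }
    '
}

# Constructed sample records for the "htt" zone in this thread; not real key data.
SAMPLE_DNSKEYS='; constructed sample
htt. IN DNSKEY 256 3 8 AwEAAcZSKCONSTRUCTED0000
htt. IN DNSKEY 257 3 8 AwEAAbKSKCONSTRUCTED1111 EXAMPLEKEYDATA2222'

printf '%s\n' "$SAMPLE_DNSKEYS" | dnskey_to_trust_anchor
```

The printed stanza belongs in named.conf on each validating server that has to resolve the signed local zone.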




