Ubuntu 11.10 (Oneiric Ocelot) Install Notes
Spain, Dr. Jeffry A.
spainj at countryday.net
Mon Feb 13 03:19:24 UTC 2012
> I don't see NSEC3 in 2012-01-27 :)
I don't think it will appear until the snapshot release bind10-devel-20120301.
> actually I'm still kinda new to DNSSEC. As a test I followed the instructions for recursive server, which tells me to remove b10-auth. The docs say bind10 supports DNSSEC with b10-auth. When I dig @localhost +dnssec {mydomain} I don't get any DNSSEC data... So obviously my local recursive isn't authoritative but I'm missing the data. Anyhow there's much to learn and tinker with here.
>From previous discussion with the bind10 developers on this list, the bind10 recursive resolver doesn't have any DNSSEC functionality yet. I see the same thing you do -- no DNSSEC data returned from such queries. You can, however, serve a DNSSEC-signed zone with the bind10 authoritative server. My test zone jaspain.net is being served in this manner now. For example 'dig @bind.odvr.dns-oarc.net. jaspain.net +dnssec' will end up querying ns1.jaspain.net or ns2.jaspain.net, both of which are running bind10-devel-20120119, and will return DNSSEC data for you. Jeff.
More information about the bind10-users
mailing list