Re: [Pdns-users] Problem with DNSSEC from bind to powerdns

2019-04-18 Thread Gert van Dijk
On Thu, Apr 18, 2019 at 12:31 PM abubin wrote:
> I am sorry as I am very new at this.
That's okay! I was new to details on DNSSEC until a month ago too. :-)
> FYI, both the DNS servers are PRIVATE. The domains they are hosting do not get published to the internet. It is mainly only for in

Re: [Pdns-users] Problem with DNSSEC from bind to powerdns

2019-04-18 Thread Brian Candler
On 18/04/2019 11:30, abubin wrote:
> I am sorry as I am very new at this. FYI, both the DNS servers are PRIVATE. The domains they are hosting do not get published to the internet. It is mainly only for internal usage.
Sure. But your cache is DNSSEC validating, and is rejecting the domain as

Re: [Pdns-users] Problem with DNSSEC from bind to powerdns

2019-04-18 Thread abubin
Hi, I am sorry as I am very new at this. FYI, both the DNS servers are PRIVATE. The domains they are hosting do not get published to the internet. It is mainly only for internal usage. Link between them is using a leased line. I have no problem querying from secondary site (running pdns) to prima

Re: [Pdns-users] Problem with DNSSEC from bind to powerdns

2019-04-18 Thread Gert van Dijk
On Thu, Apr 18, 2019 at 11:18 AM abubin wrote:
> I have looked into Bind's negative trust anchor implementation. Seems like in Bind, this option cannot be specified to more than 1 week. After 1 week the negative trust will be removed.
The content you quote yourself seems to indicate otherw

Re: [Pdns-users] Problem with DNSSEC from bind to powerdns

2019-04-18 Thread abubin
I have looked into Bind's negative trust anchor implementation. Seems like in Bind, this option cannot be specified to more than 1 week. After 1 week the negative trust will be removed. https://ftp.isc.org/isc/bind/9.11.0a1/doc/arm/man.rndc.html *nta [( -d | -f | -r | -l duration)] domain [view]*

Re: [Pdns-users] Problem with DNSSEC from bind to powerdns

2019-04-18 Thread Gert van Dijk
On Thu, Apr 18, 2019 at 10:24 AM abubin wrote:
> I have just installed pdns and pdns-recursor on a server in secondary site. The primary site is using CentOS 7 bind to host private DNS.
>
> I am trying to create a forwarding DNS from bind to pdns in primary site. For example, when I query the

Re: [Pdns-users] Problem with DNSSEC from bind to powerdns

2019-04-18 Thread Brian Candler
On 18/04/2019 09:23, abubin wrote:
> However, due to DNSSEC it is not resolving the zone. It will work if I disable DNSSEC in bind.
You need to create a Negative Trust Anchor in your recursor for the domain you are forwarding. If you were using powerdns recursor, the instructions are here: ht