[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bind-users
Subject:    Re: Single nameserver doesn't show signed SOA-RRs
From:       Stefan Foerster <cite () incertum ! net>
Date:       2011-06-30 18:55:22
Message-ID: 20110630185521.GO14980 () mail ! incertum ! net
[Download RAW message or body]

* Mark Andrews <marka@isc.org>:
> In message <20110630031511.GN14980@mail.incertum.net>, Stefan Foerster writes:
> > * Mark Andrews <marka@isc.org>:
> > > Contact the adminstrator of the server and request that they stop
> > > disabling dnssec.  "dnssec-enable yes;" is the default for all
> > > version except 9.3.x.
> > 
> > Are you sure that 88.198.26.233 has DNSSEC disabled? The admin told me
> > he had added "dnssec-enable yes;" to the named.conf file.
> 
> But has he reloaded/reconfigured the server?
> 
> "dig billigmail.org any @88.198.26.233" shows the server has the
> signatures.
> 
> "dig billigmail.org soa @88.198.26.233 +dnssec" show that they arn't
> being returned when requested and it also shows DO being returned
> which means there is nothing stripping out the DO bit on the way
> to the server or on the way back.

You were, of course, right. The admin had reconfigured the wrong
nameserver. I apologize for the noise.


Cheers
Stefan
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
[prev in list] [next in list] [prev in thread] [next in thread]