[prev in list] [next in list] [prev in thread] [next in thread]
List: bind-users
Subject: Re: Single nameserver doesn't show signed SOA-RRs
From: Stefan Foerster <cite () incertum ! net>
Date: 2011-06-30 18:55:22
Message-ID: 20110630185521.GO14980 () mail ! incertum ! net
[Download RAW message or body]
* Mark Andrews <marka@isc.org>:
> In message <20110630031511.GN14980@mail.incertum.net>, Stefan Foerster writes:
> > * Mark Andrews <marka@isc.org>:
> > > Contact the adminstrator of the server and request that they stop
> > > disabling dnssec. "dnssec-enable yes;" is the default for all
> > > version except 9.3.x.
> >
> > Are you sure that 88.198.26.233 has DNSSEC disabled? The admin told me
> > he had added "dnssec-enable yes;" to the named.conf file.
>
> But has he reloaded/reconfigured the server?
>
> "dig billigmail.org any @88.198.26.233" shows the server has the
> signatures.
>
> "dig billigmail.org soa @88.198.26.233 +dnssec" show that they arn't
> being returned when requested and it also shows DO being returned
> which means there is nothing stripping out the DO bit on the way
> to the server or on the way back.
You were, of course, right. The admin had reconfigured the wrong
nameserver. I apologize for the noise.
Cheers
Stefan
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic