LinuxQuestions.org
Old 09-13-2007, 12:17 PM   #1
joshp
LQ Newbie
 
Registered: Aug 2006
Location: Chicago IL
Distribution: Too many to list.
Posts: 27

Rep: Reputation: 1
Dns dnssec help plz.


After going through some howtos that I found online I am still no closer to figuring this out. I created my zone keys, signed my zone, and copied the key from the keyset file to the trusted-key section on the server. When I run dig +dnssec server.omega it comes back with this:

; <<>> DiG 9.4.1-P1 <<>> +dnssec server.omega
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61894
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;server.omega. IN A

;; ANSWER SECTION:
server.omega. 86400 IN A 192.168.4.1
server.omega. 86400 IN RRSIG A 5 2 86400 20071013155854 20070913155854 22143 omega. 51G7sxk2r93SQjdEOu/33oM36ON3cJKNycCBy51ylSNUJBlf7DWz4Hp
Z GJZFW0ZGGPLbOLcL8cNzumNbgwxmdA==

;; AUTHORITY SECTION:
omega. 86400 IN NS server.omega.
omega. 86400 IN NS server1.omega.
omega. 86400 IN RRSIG NS 5 1 86400 20071013155854 20070913155854 22143 omega. gAV4BrefL9G7deW0IegiWewJHzoaVqdguI9qh0pb9nVtI3G8iMkWBO
27 9AvaPHHJ5c+Cqn5HI4gNo5asL2JX7A==

;; ADDITIONAL SECTION:
server1.omega. 86400 IN A 192.168.4.2
server1.omega. 86400 IN RRSIG A 5 2 86400 20071013155854 20070913155854 22143 omega. eDrqTg3W8MgjlqNcb9w1ffEbEppq6pkvlc+sld9aCefiB07oCvmLHsc
u UsrUOISLQH9wpvchIIX1KogbqdJZyQ==

;; Query time: 0 msec
;; SERVER: 192.168.4.1#53(192.168.4.1)
;; WHEN: Thu Sep 13 12:15:41 2007
;; MSG SIZE rcvd: 412

I think from that I am sending signed zones, but from everything I read the aa tag needs to be ad. Anyone have any ideas, or maybe a howto that is easy to follow? I am using bind 9.4.1-p1.

JP

Last edited by joshp; 09-13-2007 at 12:41 PM.
 
Old 09-14-2007, 05:16 AM   #2
johndickinson
LQ Newbie
 
Registered: Sep 2007
Posts: 1

Rep: Reputation: 0
Hi

When you added the key to the trusted key section, which server was that on? The authoritative server serving the zone you created, or the recursive server that dig is querying? It needs to be on the recursive server; in your case this would be the machine 192.168.4.1.

BTW - Dig does not do any validation itself; you need to have the recursive name server do that.

For good examples get a copy of Pro DNS and BIND (ISBN13 978-1590594940); this book has far and away the best coverage of DNSSEC.

HTH
John
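
The difference discussed in this thread, between a server handing out signed records (RRSIG present, aa flag) and a resolver reporting that it validated them (ad flag), can be checked mechanically from dig's text output. The following is an added example, not code from either poster: `parse_dig`, `diagnose` and the result labels are hypothetical names, and the sample is trimmed from the output in post #1 with the signature data replaced by `<sig>`.

```python
import re

# Trimmed from the dig output in post #1; signature data replaced by <sig>.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61894
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
; EDNS: version: 0, flags: do; udp: 4096
;; ANSWER SECTION:
server.omega. 86400 IN A 192.168.4.1
server.omega. 86400 IN RRSIG A 5 2 86400 20071013155854 20070913155854 22143 omega. <sig>
;; SERVER: 192.168.4.1#53(192.168.4.1)
"""

def parse_dig(text):
    """Extract the DNSSEC-relevant fields from `dig +dnssec` text output."""
    info = {"status": None, "flags": set(), "do": False,
            "rrsig_types": set(), "server": None}
    for line in text.splitlines():
        if m := re.match(r";; ->>HEADER<<-.*status: (\w+)", line):
            info["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]*);", line):
            info["flags"] = set(m.group(1).split())       # header bits: aa, ad, ...
        elif m := re.match(r"; EDNS:.*flags:([a-z ]*);", line):
            info["do"] = "do" in m.group(1).split()        # DNSSEC OK echoed back
        elif m := re.match(r";; SERVER: ([^#\s]+)", line):
            info["server"] = m.group(1)
        elif not line.startswith(";"):
            fields = line.split()
            if len(fields) > 4 and fields[3] == "RRSIG":
                info["rrsig_types"].add(fields[4])         # type the signature covers
    return info

def diagnose(info):
    """Hypothetical labels separating 'signed data served' from 'validated'."""
    if info["status"] == "SERVFAIL":
        return "servfail"            # validating resolvers answer SERVFAIL for bogus data
    if "ad" in info["flags"]:
        return "validated"           # AD = Authenticated Data, set by the validator
    if info["rrsig_types"] and "aa" in info["flags"]:
        return "signed-authoritative-not-validated"   # the situation in post #1
    if info["rrsig_types"]:
        return "signed-not-validated"
    return "no-signatures-returned"

if __name__ == "__main__":
    result = parse_dig(SAMPLE)
    print(result["server"], sorted(result["flags"]), diagnose(result))
```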
 
  

