mapletree123
Technical User
Setting up DNSSEC aware recursive resolver
I have server A ,that has signed zone files for few zones (example01.com, example02.com and etc).
Server A is:
-configured as slave for example01.com,example02.com, etc
-in an isolated network with no internet access.
-running bind 9.7 version.
I can get the signed record by digging:
dig @serverA +dnssec
It returns the A record with corresponding RRSIG but the AD bit is not set.
Problem:
I need to make sure the AD bit is set.
I am looking to configure full chain of trust by inserting DS record in the parent zone and do a recursive look up.
How do I achieve this with minimum configuration?
Your help is really appreciated.
I have server A ,that has signed zone files for few zones (example01.com, example02.com and etc).
Server A is:
-configured as slave for example01.com,example02.com, etc
-in an isolated network with no internet access.
-running bind 9.7 version.
I can get the signed record by digging:
dig @serverA +dnssec
It returns the A record with corresponding RRSIG but the AD bit is not set.
Problem:
I need to make sure the AD bit is set.
I am looking to configure full chain of trust by inserting DS record in the parent zone and do a recursive look up.
How do I achieve this with minimum configuration?
Your help is really appreciated.
