[rbldnsd] rbldnsd +dnssec for pseudo tld zone
Lähteenmäki Mikko
ifreq at deviate.fi
Wed Apr 6 15:04:44 MSD 2011
This is clipped from the post on https://lists.isc.org/pipermail/bind-users/2010-October/081577.html
"When I recently installed the root dnssec initial key on our DNS it broke
its ability to accept responses for forwarded requests for a DNS block
list zone served by another system. Other queries aren't affected. The
config for the forwarded zone looks like:

zone "dnsbl" {
    type forward;
    forward only;
    forwarders {
        10.0.0.124;
    };
};

The server at 10.0.0.124 is running rbldnsd. Queries to our main resolver
DNS for anything in the 'dnsbl' zone generate a SERVFAIL and BIND logs
messages similar to the following:

error (chase DS servers) resolving 'sbl.dnsbl/DS/IN': 10.0.0.124#53

If I disable the root initial key, the forwarded queries work again. I
think the problem is that our pseudo TLD 'dnsbl' isn't a signed zone or
something like that. The RRs for the zone are retrieved from various spam
BL repositories.

Is there a way to disable dnssec validation on a per-zone basis for
internal pseudo TLDs?

Antonio Querubin
808-545-5282 x3003
e-mail/xmpp: tony at lava.net"

We are facing the same problem on our test environment at the moment.
Our server is running local BIND and rbldnsd on localhost port XX.
Anyone else having this issue?

Br
Mikko Lahteenmaki
Finland
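
Added example, not part of the original post or of the rbldnsd or BIND projects: a small triage script that matches the "chase DS servers" error quoted above against the forward zones declared in a named.conf fragment, so an operator can see which forwarded zones are failing DS lookups. The zone block and the first log line come from the post; the other log lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# The resolver error quoted in the post, e.g.
#   error (chase DS servers) resolving 'sbl.dnsbl/DS/IN': 10.0.0.124#53
DS_CHASE = re.compile(
    r"error \(chase DS servers\) resolving "
    r"'(?P<name>[^/']+)/DS/IN': (?P<server>[0-9A-Fa-f.:]+)#\d+")
# `zone "name" { type forward; ...` (assumes `type` precedes any nested braces)
FORWARD_ZONE = re.compile(r'zone\s+"([^"]+)"\s*\{[^}]*?\btype\s+forward\s*;')

def forward_zones(conf_text):
    """Names of all forward zones declared in a named.conf fragment."""
    return {z.lower().rstrip(".") for z in FORWARD_ZONE.findall(conf_text)}

def enclosing_zone(name, zones):
    """Longest configured zone containing `name`, matched on label boundaries."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def ds_chase_failures(log_lines, zones):
    """Map each forward zone to the (name, forwarder) pairs whose DS chase failed."""
    hits = defaultdict(set)
    for line in log_lines:
        m = DS_CHASE.search(line)
        if m:
            zone = enclosing_zone(m["name"], zones)
            if zone is not None:
                hits[zone].add((m["name"].lower(), m["server"]))
    return {zone: sorted(pairs) for zone, pairs in hits.items()}

# Zone block as given in the post.
NAMED_CONF = """zone "dnsbl" {
    type forward; forward only;
    forwarders { 10.0.0.124; };
};"""
# First line is from the post; the rest are constructed sample input.
SAMPLE_LOG = [
    "error (chase DS servers) resolving 'sbl.dnsbl/DS/IN': 10.0.0.124#53",
    "error (chase DS servers) resolving 'xbl.dnsbl/DS/IN': 10.0.0.124#53",
    "error (chase DS servers) resolving 'example.test/DS/IN': 192.0.2.53#53",
    "unrelated log line",
]

if __name__ == "__main__":
    report = ds_chase_failures(SAMPLE_LOG, forward_zones(NAMED_CONF))
    for zone, failures in report.items():
        print(zone, failures)
```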