[Pdns-users] DNSSEC Not Working for All Subdomains

Dougan, Linda A DOUGANLA at gru.com
Mon Sep 24 13:50:59 UTC 2012 

Thank you for your  help. I tried rectifying the zones and it did enter the ordername and auth, but I am still not getting the DNSSEC answer from both zones.  It works for www.a.aa but not gtec-gru-gw.customer.a.aa see below.   Is "dig +dnssec +multiline @127.0.0.1 www.a.aa" the correct way to test it?  I have included listing of records data, see attachment.  I am using pdns version 3.0.1.

$ dig +dnssec +multiline @127.0.0.1 www.a.aa

; <<>> DiG 9.9.1-P1 <<>> +dnssec +multiline @127.0.0.1 www.a.aa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;www.a.aa.           IN A

;; ANSWER SECTION:
www.a.aa.            300 IN A 198.190.222.6
www.a.aa.            300 IN RRSIG A 8 3 300 (
                                20121004000000 20120920000000 31776 a.aa.
                                HSj+WDdFnTR22fb9I9g22t/WzDgWc9LcjXNePk0Y3RID
                                zCAOXWRJ2NT55Tuy8NivlzvE4pj4vJidVLMaf4C8YWZs
                                3Ewty530h97/dLHDPNrl4opN2uWp7VeNguuVtLqjoGua
                                vIWKNG1CeSLSxmqzuAFB7RgDxxWwgZJxQO631Nk= )

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 24 09:37:22 2012
;; MSG SIZE  rcvd: 223

$ dig +dnssec +multiline @127.0.0.1 gtec-gru-gw.customer.a.aa

; <<>> DiG 9.9.1-P1 <<>> +dnssec +multiline @127.0.0.1 gtec-gru-gw.customer.a.aa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61077
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;gtec-gru-gw.customer.a.aa. IN A

;; ANSWER SECTION:
gtec-gru-gw.customer.a.aa. 14400 IN A 209.251.128.86

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 24 09:35:53 2012
;; MSG SIZE  rcvd: 73






-----Original Message-----
From: pdns-users-bounces at mailman.powerdns.com [mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of Peter van Dijk
Sent: Friday, September 21, 2012 2:21 PM
To: pdns-users Users
Subject: Re: [Pdns-users] DNSSEC Not Working for All Subdomains

Hello Linda,

as I pointed out in my first reply, rectify-zone acts on one domain. The records that have not been updated have a different domain_id and thus are part of a different domain.

You need to rectify-zone for each domain in your domains table. rectify-all-zones might be useful to you.

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

_______________________________________________
Pdns-users mailing list
Pdns-users at mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pdnsseclast.txt
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20120924/79cde680/attachment-0001.txt>

More information about the Pdns-users mailing list