[Pdns-users] DNSSEC, pdns-recursor and libunbound
Michael Ströder
michael at stroeder.com
Fri Apr 24 15:04:37 UTC 2015
HI!
We're currently testing DNSSEC validation with libunbound 1.5.3 with all
the RRs
retrieved through a pdns-recursor (also tested 3.7.2).
It seems that
1. libunbound does not explicitly retrieve the RRSIG RRs and
2. pdns-recursor does not return them when not explicitly request (qtype
ANY).
(Explicitly requesting RRSIG works.)
=> validation in libunbound fails
Did anybody else try such a setup before? Did it work?
Most people doing DNSSEC validation simply use bind9 or unbound for
recursing
and as validating resolver but for now that's likely not an option in
this
infrastructure.
Any hint is appreciated. Thanks in advance.
Ciao, Michael.
More information about the Pdns-users
mailing list