[Pdns-users] Serve presigned auth-zones with pdns-recursor
peter at desec.io
Fri Sep 9 01:32:05 UTC 2016
I set up a the recursor (4.0.3) with a separate zone file that I
declared authoritative using the auth-zones directive. The zone file
contains DNSSEC signatures.
However, when querying the recursor using dig +dnssec, only the
requested record types (e.g. A) are returned, but not the RRSIG records
(although they can be requested manually).
Is this intended?
I am aware that there would be complications in narrow NSEC3 mode when
non-existent records are queried, but with regular NSEC3, everything
needed can be extracted from the zone file itself (it has an NSEC3PARAM
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Pdns-users