[Pdns-users] Serve presigned auth-zones with pdns-recursor
Peter Thomassen
peter at desec.io
Fri Sep 9 01:32:05 UTC 2016
Hi,
I set up a the recursor (4.0.3) with a separate zone file that I
declared authoritative using the auth-zones directive. The zone file
contains DNSSEC signatures.
However, when querying the recursor using dig +dnssec, only the
requested record types (e.g. A) are returned, but not the RRSIG records
(although they can be requested manually).
Is this intended?
I am aware that there would be complications in narrow NSEC3 mode when
non-existent records are queried, but with regular NSEC3, everything
needed can be extracted from the zone file itself (it has an NSEC3PARAM
record).
Best,
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20160908/b192e2c4/attachment.sig>
More information about the Pdns-users
mailing list