[Pdns-users] Serve presigned auth-zones with pdns-recursor

Peter Thomassen peter at desec.io
Fri Sep 9 01:32:05 UTC 2016


I set up a the recursor (4.0.3) with a separate zone file that I
declared authoritative using the auth-zones directive. The zone file
contains DNSSEC signatures.

However, when querying the recursor using dig +dnssec, only the
requested record types (e.g. A) are returned, but not the RRSIG records
(although they can be requested manually).

Is this intended?

I am aware that there would be complications in narrow NSEC3 mode when
non-existent records are queried, but with regular NSEC3, everything
needed can be extracted from the zone file itself (it has an NSEC3PARAM


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20160908/b192e2c4/attachment.sig>

More information about the Pdns-users mailing list