[Pdns-users] Problem with DNSSEC from bind to powerdns
abubin
abubin at gmail.com
Thu Apr 18 08:23:43 UTC 2019
Hi,
I have just installed pdns and pdns-recursor on a server in the secondary site.
The primary site is using CentOS 7 bind to host private DNS.
I am trying to create a forwarding DNS from bind to pdns in primary site.
For example, when I query the primary DNS (1.2.3.4), it will forward
certain domains to secondary DNS.
The zone file for bind has this:

    zone "myown.com" IN {
        type forward;
        forward only;
        forwarders { 10.10.10.10; };
    };

However, due to DNSSEC it is not resolving the zone. It will work if I
disable DNSSEC in bind. I have already enabled DNSSEC for myown.com in pdns
but it is still giving an error from bind.

    Apr 18 16:15:50 kdns named[25128]: validating www.myown.com/A: no valid signature found
    Apr 18 16:15:50 kdns named[25128]: validating www.myown.com/A: bad cache hit (www.myown.com/DS)
    Apr 18 16:15:50 kdns named[25128]: broken trust chain resolving 'www.myown.com/A/IN': 10.10.10.10#53

I am stumped on how to resolve this. Been searching online for a whole day
already but unable to find a solution.
If I disable the DNS in BIND:

    dnssec-enable no;
    dnssec-validation no;

It will work.
nslookup www.myown.com localhost
Server: localhost
Address: 127.0.0.1#53
Non-authoritative answer:
Name: www.myown.com
Address: 1.1.2.2
Would highly appreciate any help or suggestions.
Thanks.
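
The three named log lines in the message above can be triaged mechanically. The following is an added example, not part of the original post or of BIND/PowerDNS: it groups validation failures by name and record type and flags those whose "broken trust chain" answer came from a configured forwarder. The function names `triage` and `forward_zone_failures` are hypothetical.

```python
import re
from collections import defaultdict

# Log lines taken from the post above, with the mail line wraps undone.
SAMPLE = """\
Apr 18 16:15:50 kdns named[25128]: validating www.myown.com/A: no valid signature found
Apr 18 16:15:50 kdns named[25128]: validating www.myown.com/A: bad cache hit (www.myown.com/DS)
Apr 18 16:15:50 kdns named[25128]: broken trust chain resolving 'www.myown.com/A/IN': 10.10.10.10#53
""".splitlines()

NAMED = re.compile(r"named\[\d+\]: (?P<msg>.*)$")
VALIDATING = re.compile(
    r"^validating (?P<name>\S+)/(?P<type>[A-Z0-9]+): (?P<reason>.+)$")
BROKEN = re.compile(
    r"^broken trust chain resolving '(?P<name>[^/']+)/(?P<type>[^/']+)/"
    r"(?P<cls>[^']+)': (?P<server>[^#\s]+)#(?P<port>\d+)$")


def triage(lines):
    """Group named's DNSSEC validation failures by (owner name, record type)."""
    report = defaultdict(lambda: {"reasons": [], "upstreams": set()})
    for line in lines:
        m = NAMED.search(line)
        if not m:
            continue  # not a named syslog entry
        msg = m.group("msg").strip()
        if (v := VALIDATING.match(msg)):
            key = (v["name"].rstrip("."), v["type"])
            report[key]["reasons"].append(v["reason"])
        elif (b := BROKEN.match(msg)):
            key = (b["name"].rstrip("."), b["type"])
            report[key]["upstreams"].add(b["server"])  # server that answered
    return dict(report)


def forward_zone_failures(report, forwarders):
    """Keys whose broken-trust-chain answer came from a configured forwarder."""
    wanted = set(forwarders)
    return sorted(k for k, v in report.items() if v["upstreams"] & wanted)


if __name__ == "__main__":
    rep = triage(SAMPLE)
    for (name, rtype), info in rep.items():
        print(name, rtype, info["reasons"], sorted(info["upstreams"]))
    print("via forwarder:", forward_zone_failures(rep, ["10.10.10.10"]))
```
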