[Pdns-users] DNSSEC and SOA records

Tamer Canki tamerkc at gmail.com
Sun Jul 21 20:10:59 UTC 2019


Hello,

I have set up PowerDNS 4.2.0-rc2 through the CentOS 7 repository. Everything
works fine except SOA replies in AUTHORITY SECTIONs with DNSSEC enabled. We
are testing the domain through the well-known validator Internet.nl and it
results in a BOGUS validation. They state that it's because test.nizari.nl
is not returning SOA records in the AUTHORITY SECTION.

The following works and returns a proper SOA answer:
dig soa nizari.nl
dig soa test.nizari.nl @ns1.nizari.nl
dig soa test.nizari.nl @1.1.1.1
dig soa test.nizari.nl @8.8.8.8 +cd

The following does not work and results in a SERVFAIL:
dig soa test.nizari.nl
dig soa test.nizari.nl @8.8.8.8

Is this normal behaviour or is there something wrong with my config? The
nameservers run simply in a MySQL cluster.

pdns.conf:
local-address=0.0.0.0
local-ipv6=::
local-port=5300
launch=gmysql,geoip
gmysql-host=
gmysql-user=
gmysql-dbname=
gmysql-password=
geoip-database-files
loglevel=9
enable-lua-records=yes
edns-subnet-processing=yes
log-dns-queries=yes
gmysql-dnssec=yes
disable-syslog=yes
resolver=8.8.8.8,[2001:4860:4860::8888]

If there is something wrong with my config, why does 1.1.1.1 work and
8.8.8.8 not?
I see no errors in the logs and all other DNS-related stuff is working.

DNSVIZ results are OK.

Any help or tips can be of use, I have been debugging this for three days
now. Thank you for reading!
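
Added example, not part of the original post: a triage script for the pattern reported above, where a resolver returns SERVFAIL normally but answers with +cd (checking disabled). It compares the two dig outputs and also checks the AD flag; the verdict names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage a resolver by comparing
# the same query with and without +cd (checking disabled).

# Print the rcode from dig output on stdin.
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.* status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the AD (authenticated data) flag is set in dig output on stdin.
dig_has_ad() {
    grep -Eq '^;; flags:[^;]* ad[ ;]'
}

# classify PLAIN_OUTPUT CD_OUTPUT -> one-word verdict (names are hypothetical)
classify() {
    plain=$(printf '%s\n' "$1" | dig_status)
    nocheck=$(printf '%s\n' "$2" | dig_status)
    if [ "$plain" = SERVFAIL ] && [ "$nocheck" = NOERROR ]; then
        echo validation-failure      # data is reachable, resolver rejects it
    elif [ "$plain" = SERVFAIL ]; then
        echo resolution-failure      # fails even with validation switched off
    elif [ "$plain" = NOERROR ] && printf '%s\n' "$1" | dig_has_ad; then
        echo validated               # resolver vouches for the answer (AD set)
    elif [ "$plain" = NOERROR ]; then
        echo answered-unvalidated    # answer returned, but AD not set
    else
        echo "other:${plain:-no-header}"
    fi
}

# Live use: sh triage.sh NAME TYPE RESOLVER
if [ "$#" -eq 3 ]; then
    classify "$(dig +dnssec "$2" "$1" "@$3")" \
             "$(dig +dnssec +cd "$2" "$1" "@$3")"
else
    # Constructed dig headers, shaped like the SERVFAIL / +cd pair in the post.
    s1=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
    s2=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
    classify "$s1" "$s2"
fi
```

A "validation-failure" verdict means the resolver can fetch the records but rejects them during DNSSEC validation; "answered-unvalidated" means a resolver answered without setting AD, so a successful reply from it does not show that the chain validates.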