[Pdns-users] DNSSEC: How to add TA for . to recursor of self hosted . zone
Jan Huijsmans
bofh at koffie.nu
Tue Mar 5 12:05:58 UTC 2024
On Tue, 5 Mar 2024 07:46:23 +0100
Otto Moerbeek <otto at drijf.net> wrote:
> On Mon, Mar 04, 2024 at 05:01:12PM +0100, Jan Huijsmans via Pdns-users wrote:
> > Hello,
> >
> > I'm tryting to setup a DNSSEC lab environment with an isolated DNS set.
*argh* PEBCAK...
Had 2 major issues in my setup.
1. had no default-soa-edit set on authoritive.
should work on pdns-only environments, but somehow the secondaries didn't
notice RRSIG changes. No clue why, but as bind needs to be able to be
secondary, this had to be set anyway.
2. Was testing via recursor with lua-script config option commented out...
Not helping. :(
Checking with rec_control get-tas didn't show my TA, so I manually added
it and it worked. Diving deeper into my config and I found the # which I
was sure I removed...
Regards,
Jan Huijsmans
More information about the Pdns-users
mailing list