lejeczek via bind-users
2018-10-10 14:57:44 UTC
hi guys
I'm quite sure I must be missing something trivial, yet my logic here
might be failing too...
I have a boxA which for local clients resolves mydom.local just fine.
And I've a boxB which
zone "mydom.local." IN {
forward first;
type forward;
forwarders port 53 { 10.3.1.100; };
};
and here is where I cannot resolve that mydom.local domain. On boxB logs
these show:
named[20124]: broken trust chain resolving 'mydom.local/A/IN': 10.3.1.100#53
named[20124]: no valid RRSIG resolving 'mydom.local/DNSKEY/IN':
10.3.1.100#53
I checked responses from boxA with +dnssec and as expected these are
secure(d).
boxA does allow-transfer boxB
What is the problem, what I got wrong there?
many thanks, L.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/lis
I'm quite sure I must be missing something trivial, yet my logic here
might be failing too...
I have a boxA which for local clients resolves mydom.local just fine.
And I've a boxB which
zone "mydom.local." IN {
forward first;
type forward;
forwarders port 53 { 10.3.1.100; };
};
and here is where I cannot resolve that mydom.local domain. On boxB logs
these show:
named[20124]: broken trust chain resolving 'mydom.local/A/IN': 10.3.1.100#53
named[20124]: no valid RRSIG resolving 'mydom.local/DNSKEY/IN':
10.3.1.100#53
I checked responses from boxA with +dnssec and as expected these are
secure(d).
boxA does allow-transfer boxB
What is the problem, what I got wrong there?
many thanks, L.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/lis