RoRoo
Verified User
- Joined
- Dec 16, 2004
- Messages
- 117
Hi,
We've got one DA machine functioning both as primary and secondary DNS for it's configured domain names.
on one domain DNSSec somehow got activated. This resulted in DNS SEC enabled servers (e.g. Google Public 8.8.8.8) were unable to resolve because of an error.
The error that we receive through the DNS Check tool is as follows:
Inconsistent security for domain.net - DS found at parent, but no DNSKEY found at child.
The parent has a secure delegation to the child (indicated by DS RRset at the parent), but the child has no DNSKEY. This is probably due to a previously signed zone that became unsigned without requesting the parent to remove the secure delegation
When I enabled the dnssec setting in directadmin.conf it showed no errors and keys were correct.
Regeneration didn't help.
Is is even possible to use DNSSec on one server or do we need a second server doing secondary dns?
We've got one DA machine functioning both as primary and secondary DNS for it's configured domain names.
on one domain DNSSec somehow got activated. This resulted in DNS SEC enabled servers (e.g. Google Public 8.8.8.8) were unable to resolve because of an error.
The error that we receive through the DNS Check tool is as follows:
Inconsistent security for domain.net - DS found at parent, but no DNSKEY found at child.
The parent has a secure delegation to the child (indicated by DS RRset at the parent), but the child has no DNSKEY. This is probably due to a previously signed zone that became unsigned without requesting the parent to remove the secure delegation
When I enabled the dnssec setting in directadmin.conf it showed no errors and keys were correct.
Regeneration didn't help.
Is is even possible to use DNSSec on one server or do we need a second server doing secondary dns?