I am currently experimenting with the DNS setup in our local hackerspace.
Our router does not support DNSSEC as cache, so I set up an unbound on a
server in our space, and configured DHCP appropriately. dnssec-trigger
detects that our local cache supports DNSSEC. That's generally working fine.

However, we do have a "local-zone" configured to manage the names of
machines in the space. And when I run dnssec-trigger on my machine,
these names fail to resolve with a SERVFAIL. I assume that's because our
local TLD is not properly signed by the root zone - and in fact, how
could it be.

Is there a way to set up local zones in a way that still works with
DNSSEC-validating resolvers? I tried using the ".local" TLD, but that
doesn't seem to work either.

Kind regards
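An added configuration example, not part of the message above and not the poster's setup, showing the one unbound.conf setting that addresses the SERVFAIL described: `domain-insecure`. The zone name "space." is a placeholder for the hackerspace's private TLD, the addresses are made up, and the trust-anchor path is assumed. The point is where the setting has to live: the validation that fails is done by the resolver dnssec-trigger runs on the client, so the exception has to be declared on that validating resolver, not only on the server that holds the local-zone data.

```conf
# Added example (not from the original message). Placeholder TLD "space.",
# constructed addresses, assumed trust-anchor path.

# ---- On the VALIDATING resolver (the unbound that dnssec-trigger manages
# ---- on each client; on the space's server only if it validates too) ----
server:
    # Validation stays switched on for every other name.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"   # assumed path

    # Why the names SERVFAIL: the signed root zone carries an NSEC record that
    # proves "space." does not exist, so an unsigned answer for anything below
    # it is "bogus", not merely "insecure", and the validator refuses it.
    # domain-insecure tells the validator to stop the chain of trust here and
    # accept unsigned data for this name and everything under it.
    domain-insecure: "space."

# ---- On the hackerspace server that holds the local names ----
server:
    # local-zone/local-data are answered by the local-zones module before the
    # validator runs, so the server itself never fails on them.
    local-zone: "space." static
    local-data: "router.space.  IN A 10.0.0.1"
    local-data: "printer.space. IN A 10.0.0.23"
    local-data-ptr: "10.0.0.1 router.space."
```

Two caveats worth keeping in mind with this approach. Declaring a name insecure is a deliberate hole in validation: anything under "space." can be spoofed towards clients that carry the exception, so it should be as narrow as possible (the private TLD only, never "." or a public suffix). And ".local" is reserved for mDNS, which is why picking it as the private TLD tends to make things worse rather than better; a dedicated name that does not exist in the public tree, plus the explicit exception above, is the defensible combination.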

