[Dnssec-trigger] dnssec-trigger and local-zone

Ralf Jung post at ralfj.de
Wed Oct 15 15:36:34 UTC 2014


> I think setting an "insecure" forward zone for your hacker-space domain
> to the local DNS server (unbound) could help.
> You could set up your local DHCP server to propagate that domain as a search
> domain. Then the dnssec-trigger dispatcher script should set up the forward
> zone automatically on the client. I'm not sure which version of the trigger
> you're running, but if it is the latest, just adjust the /etc/dnssec.conf,
> set up the search domain in your DHCP server and it should work.

I am using the version in Debian:

Do you mean /etc/dnssec-trigger/dnssec.conf? That file contains
"validate_connection_provided_zones=yes", I guess that's what I have to
change. I'll try it ASAP, thanks for the pointer!

What will happen if the DHCP server sets up "." as search domain? Will
DNSSEC be effectively disabled?

Kind regards
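
The question above about "." as a search domain suggests vetting DHCP-supplied search domains before any of them becomes an insecure forward zone. The script below is an added example, not part of the original message and not dnssec-trigger's own code; the function names, the two-label minimum and the sample domains and address are assumptions, and it only prints the `unbound-control forward_add +i` commands rather than running them.

```shell
#!/bin/sh
# Added example: filter DHCP-provided search domains before exempting them
# from DNSSEC validation. All sample inputs are constructed.

# Lowercase the name and strip one trailing dot ("." becomes the empty string).
normalize_zone() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Return 0 only if the zone is narrow enough to be marked insecure.
insecure_zone_allowed() {
    zone=$(normalize_zone "$1")
    case "$zone" in
        "")            return 1 ;;  # root or empty: would cover every name
        *[!a-z0-9.-]*) return 1 ;;  # characters outside hostname syntax
        .*|*..*)       return 1 ;;  # empty labels
        *.*)           return 0 ;;  # two or more labels, e.g. lab.example
        *)             return 1 ;;  # single label: an entire TLD
    esac
}

# $1: space-separated search domains, $2: forwarder address(es).
# Prints a dry-run plan; nothing is sent to unbound.
plan_forward_zones() (
    set -f                          # no globbing on hostile input such as "*"
    servers=$2
    for d in $1; do
        if insecure_zone_allowed "$d"; then
            echo "unbound-control forward_add +i $(normalize_zone "$d") $servers"
        else
            echo "# skipped '$d': too broad or malformed, validation stays on"
        fi
    done
)

# Constructed DHCP lease: root, a TLD, and a site-specific domain.
plan_forward_zones ". com hackerspace.example" "192.0.2.53"
```
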
