[Dnssec-trigger] dnssec-trigger and local-zone

Ralf Jung post at ralfj.de
Wed Oct 15 17:09:26 UTC 2014

Hi again,

> I think setting an "insecure" forward zone for your hacker-space domain
> to the local DNS server (unbound) could help.
> You could set up your local DHCP server to propagate that domain as a search
> domain. Then the dnssec-trigger dispatcher script should set up the forward
> zone automatically on the client. I'm not sure which version of the trigger
> you're running, but if it is the latest, just adjust the /etc/dnssec.conf,
> set up the search domain in your DHCP server and it should work.

I ended up using a subdomain of our own domain, which has an insecure
delegation, so that people don't have to configure their dnssec-trigger.
That seems to work, "host name.local.our-domain" works fine. However,
"host name" does not work because the DHCP-provided search name is not
put into /etc/resolv.conf. Is that expected? It seems like a bug to me.

Kind regards
