Re: [knot-dns-users] mod-synth-record + DNSSEC = SERVFAIL

28 Lis 2016

On 28 November 2016 at 05:18, Alarig Le Lay &lt;alarig(a)swordarmor.fr&gt; wrote:

...
  Hi,

 I use mod-synth-record to provide some reverse records for a LAN.
 tregon-grifon.swordarmor.fr. is signed with DNSSEC, but I have a RRSIG
 only for the records in the pasted file.

Yes, this is going to fail.  To get around this knot would have to
implement signing on-the-fly.  I'm not sure if that's on the roadmap
anywhere.

If you want to sign tregon-grifon.swirdarmor.fr, then I'd suggest creating
an insecure delegation to a separate zone (e.g.
dynamic.tregon-grifon.swordarmor.fr) and put your synthesized records in
that zone.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Re: [knot-dns-users] mod-synth-record + DNSSEC = SERVFAIL