Enhancement #287
closed
Enhancement #286: The 42 Project
42 DNS
50%
Description
- create a minimalist 42 zone, with a www entry towards www-hosting
- add the 42 TLD resolver configuration to every server (meaning sometimes using a remote DC NS or install bind9)
Updated by Marc Dequènes about 12 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 50
The zone has been created.
Th resolver configuration is done but does not work due to DNSSEC validation. As the root zone is signed, and the insecurity proof failed, results are rejected. See the second note in http://www.isc.org/files/arm96.html#id2550987. The dnssec-must-be-secure statement is useless for this purpose, as it only cares about adding a constraint on the zone being signed independently of validation using the parent zone. I don't have any solution yet.
Updated by Marc Dequènes about 12 years ago
For the record, the error message can be found on Orfeo in /var/log/named/dnssec.log:
04-Feb-2012 01:20:19.473 validating @0x7f531cf4b720: nic.42 SOA: got insecure response; parent indicates it should be secure
Updated by Marc Dequènes about 12 years ago
Unbound can exclude a branch from the DNSSEC validation, which could be configured after #292 is solved.
Updated by Marc Dequènes almost 9 years ago
- Status changed from In Progress to Rejected
The 42 TLS is dead.
DNS configuration purged.