Enhancement #287
closed
Added by Marc Dequènes almost 13 years ago.
Updated over 9 years ago.
Description
Two things:
- create a minimalist 42 zone, with a www entry towards www-hosting
- add the 42 TLD resolver configuration to every server (meaning sometimes using a remote DC NS or install bind9)
- Priority changed from Normal to Low
- Status changed from New to In Progress
- % Done changed from 0 to 50
The zone has been created.
Th resolver configuration is done but does not work due to DNSSEC validation. As the root zone is signed, and the insecurity proof failed, results are rejected. See the second note in http://www.isc.org/files/arm96.html#id2550987. The dnssec-must-be-secure statement is useless for this purpose, as it only cares about adding a constraint on the zone being signed independently of validation using the parent zone. I don't have any solution yet.
For the record, the error message can be found on Orfeo in /var/log/named/dnssec.log:
04-Feb-2012 01:20:19.473 validating @0x7f531cf4b720: nic.42 SOA: got insecure response; parent indicates it should be secure
Unbound can exclude a branch from the DNSSEC validation, which could be configured after #292 is solved.
- Status changed from In Progress to Rejected
The 42 TLS is dead.
DNS configuration purged.
Also available in: Atom
PDF
Updated by