Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

11 Apr 2018


      Hi All,
Is there anyone who uses Bind9? I'll setup DNSSEC on all Exits but I would like to validate the config.
I have done this on 41781FDC57238DAB955DF6D6E8400CEC5ACBE706
options {
        directory "/var/cache/bind";
dnssec-enable yes;
        dnssec-validation yes;
auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { ::1; };
        listen-on { 127.0.0.1; };
        allow-recursion { 127.0.0.1; ::1; };
};
include "/etc/bind/bind.keys";
When I do a dig +dnssec . | grep ";; flags:" I get ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 this looks as if its working.
There is no forwarding.
Paul

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation