I am trying to use BIND and to configure it using DNSSEC. The drill command gives me this:
Code:
drill -S www.FreeBSD.org
;; Number of trusted keys: 1
;; Chasing: www.freebsd.org. A
DNSSEC Trust tree:
www.freebsd.org. (CNAME)
|---freebsd.org. (DNSKEY keytag: 6441 alg: 8 flags: 256)
|---freebsd.org. (DNSKEY keytag: 60160 alg: 8 flags: 257)
|---freebsd.org. (DS keytag: 60160 digest type: 2)
|---org. (DNSKEY keytag: 44603 alg: 7 flags: 256)
|---org. (DNSKEY keytag: 9795 alg: 7 flags: 257)
|---org. (DNSKEY keytag: 17883 alg: 7 flags: 257)
|---org. (DS keytag: 9795 digest type: 2)
| |---. (DNSKEY keytag: 16749 alg: 8 flags: 256)
| |---. (DNSKEY keytag: 19164 alg: 8 flags: 385)
| |---. (DNSKEY keytag: 20326 alg: 8 flags: 257)
|---org. (DS keytag: 9795 digest type: 1)
|---. (DNSKEY keytag: 16749 alg: 8 flags: 256)
|---. (DNSKEY keytag: 19164 alg: 8 flags: 385)
|---. (DNSKEY keytag: 20326 alg: 8 flags: 257)
No trusted keys found in tree: first error was: No DNSSEC public key(s)
;; Chase failed.
So, I suppose, the thing does not work as I wanted. Could it be seen what is wrong?
/etc/resolv.conf
Code:
nameserver 127.0.0.1
options edns0
I have these lines in /usr/local/etc/namedb/named.conf
Code:
dnssec-validation auto;
dnssec-enable yes;
Maybe it is something with the "forwarders" option (that is commented out in my config)?