sharing your named-checkconf -p output would be a good start. bind.keys
should not be required, if your build is recent and it has new key
built-in. Please share also your BIND version.
Difference between auto and yes is, auto includes built-in keys
automatically. With yes, you have to include them yourself.
to your configuration, if dnssec-validation yes; is used.
On 11/12/20 11:18 AM, Onur GURSOY wrote:
> Hello Everyone,
> I have some trouble about bin9 and dnssec
> When i set dnssec-validation to auto.
> My dns server is talking with google dns server (184.108.40.206 and 220.127.116.11)
> when i set to dnssec-validation to yes
> it couldn't talk with google dns server.
> i have realized, there is no pre defined bind.keys.
> I donwload it from this
> https://downloads.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11 > and i added manually but result is the same
> They didn't talk with google dns server.
> where is the difference auto and yes.
> and why default bind.keys file didn't come by default
> Where is the problem.
> If you want i can provide wireshark output.
> Many Many Thanks,
> With My Best Regards,
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> bind-users mailing list
> [hidden email] > https://lists.isc.org/mailman/listinfo/bind-users >