THE GAME HAS CHANGED

Introducing Infoblox Universal DDI ManagementTM

Watch the launch to discover the new era of management for critical network services. Watch Now

NIOS DNS DHCP IPAM

Reply

Recursion enabled is required for DNSSEC ?

[ Edited ]
omun0z
New Member
Posts: 1

‎10-26-2021 11:53 AM - edited ‎10-26-2021 02:25 PM

1648     0

Hello, I have a question regarding DNSSEC.

Do we need to enable recursion on the Name Servers used to host a signed zone (DNSSEC)?

 

I'm asking as the below PDF doc says recursion must be enabled as a Pre-requisite for DNSSEC Validation.

 

https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-dnssec.pdf

 

DNSSEC validation
Prerequisites
1. EDNS0 must be enabled and supported by your networking equipment.
a. Check the section Troubleshooting for a quick method on how to test if your environment
supports EDNS0.
2. Recursion must be enabled

 

Also, we have tested DNSSEC in one Lab server with recursion disable and as per https://dnssec-debugger.verisignlabs.com/ output everything is green.

 

So, I'm not sure why the Name servers must to have Recursion enabled or what it means.

 

Let me know your comments.

 

Thanks in Advance.

 

Omar.

 

Labels:
Reply
0 Kudos

Re: Recursion enabled is required for DNSSEC ?
tkrowland
New Member
Posts: 2

‎10-29-2021 09:22 PM

1649     0

DNSSEC validation is when your server is querying other servers.  It's unrelated to signing zones on your authoritative servers.

Reply
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements