Are you interested in our Early Access Program (EAP)? This program allows you to preview code, test in your lab and provide feedback prior to General Availability (GA) release of all Infoblox products. If so, please click the link here.

NIOS DNS DHCP IPAM

Reply

Recursion enabled is required for DNSSEC ?

[ Edited ]
Member
Posts: 1
556     0

Hello, I have a question regarding DNSSEC.

Do we need to enable recursion on the Name Servers used to host a signed zone (DNSSEC)?

 

I'm asking as the below PDF doc says recursion must be enabled as a Pre-requisite for DNSSEC Validation.

 

https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-dnssec.pdf

 

DNSSEC validation
Prerequisites
1. EDNS0 must be enabled and supported by your networking equipment.
a. Check the section Troubleshooting for a quick method on how to test if your environment
supports EDNS0.
2. Recursion must be enabled

 

Also, we have tested DNSSEC in one Lab server with recursion disable and as per https://dnssec-debugger.verisignlabs.com/ output everything is green.

 

So, I'm not sure why the Name servers must to have Recursion enabled or what it means.

 

Let me know your comments.

 

Thanks in Advance.

 

Omar.

 

Re: Recursion enabled is required for DNSSEC ?

Member
Posts: 2
557     0

DNSSEC validation is when your server is querying other servers.  It's unrelated to signing zones on your authoritative servers.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You