Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

NIOS DNS DHCP IPAM

Reply

Recursion enabled is required for DNSSEC ?

[ Edited ]
New Member
Posts: 1
1214     0

Hello, I have a question regarding DNSSEC.

Do we need to enable recursion on the Name Servers used to host a signed zone (DNSSEC)?

 

I'm asking as the below PDF doc says recursion must be enabled as a Pre-requisite for DNSSEC Validation.

 

https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-dnssec.pdf

 

DNSSEC validation
Prerequisites
1. EDNS0 must be enabled and supported by your networking equipment.
a. Check the section Troubleshooting for a quick method on how to test if your environment
supports EDNS0.
2. Recursion must be enabled

 

Also, we have tested DNSSEC in one Lab server with recursion disable and as per https://dnssec-debugger.verisignlabs.com/ output everything is green.

 

So, I'm not sure why the Name servers must to have Recursion enabled or what it means.

 

Let me know your comments.

 

Thanks in Advance.

 

Omar.

 

Re: Recursion enabled is required for DNSSEC ?

New Member
Posts: 2
1215     0

DNSSEC validation is when your server is querying other servers.  It's unrelated to signing zones on your authoritative servers.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You