DNSSec validation fails for some queries

  • Thread starter Windows Server 2016 RDS - Recht zum erstellen von

Hello,

we have enabled "DNSSec validation for remote responses" and imported the latest RootTrustAnchor.


After that, some domains fail to validate ("server failed" in nslookup and "servfail" in dig). The same problem exists on 4 different servers.
It permanently fails to resolve "www.opnsense.org".



dig @192.168.XXX.XX www.opnsense.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17340
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4000
;; QUESTION SECTION:
;www.opnsense.org. IN A

;; Query time: 0 msec
;; SERVER: 192.168.xx.xx#53(192.168.xx.xx)
;; WHEN: Thu Sep 05 13:50:00 CEST 2019
;; MSG SIZE rcvd: 45



I've found the following problem description:

https://support.microsoft.com/de-ch...-dnssec-signed-zones-in-a-windows-server-2012



Since we have Windows Server 2012 (without R2), I'm not sure if this fix is already included or can be installed at all.
Or the problem has another reason.



Thank you,

Christoph
