Forum Discussion

Nimbostratus

May 31, 2014

GTM DNSSEC module and dotgov domains

Hi, I am trying to get a .gov domain hosted by us on a GTM with the DNSSEC module configured and am running into issues getting it to pass the validation tests from the feds. They are wanting t...

BIG-IP DNS

deployment

Cory_50405

Noctilucent

Jun 02, 2014

I work for a federal government agency as well, and we're subject to the same processes. We have DNSSEC working for all of our domains and we don't publish DS records. The DS record is hosted by the parent, which in this case is dotgov.gov. If you are getting a response for a DS record for a .gov domain, it's likely coming from dotgov. Dotgov is probably saying they aren't finding a corresponding DNSKEY (vice a DS record) on your GTMs. Do you have your zones created with a KSK and ZSK assigned to them? If so, then there should be a DNSKEY in place.

https://grepular.com/Understanding_DNSSEC

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)