Forum Discussion

Dev_56330
Sep 15, 2018

Validating resolver and trust anchors

Hi, I am trying to configure my F5 as a validating resolver. I am running 14.0 with a lab license, so DNS is licensed. I am able to successfully resolve when using a transparent cache and a pool of DNS servers. I am able to successfully resolve when using a resolver cache. However, when trying to configure a validating resolver cache, I am lost. If I am using a pool of DNS servers which includes 8.8.8.8, what trust anchor should I configure? Also, what is the difference between a trust anchor and a DLV anchor? Do I need both? I have attempted to use the root trust anchors, but I have no idea if that is correct either.

 

Root trust anchors I used:

. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

 

  • Since these trust anchors are from iana.org, the root DNS, I have removed all DNS servers and I am using root hints only. Still no luck.

     

  • So while troubleshooting and making a ton of changes, I am now able to resolve while using the validation resolver cache. To test what may have been the issue, I removed the trust and DLV anchors and it is still resolving. If that is the case, what is the point of the trust anchors? Even if I don't have trust anchors, should GTM still resolve recursive lookups when using a validating resolver cache?