Forum Discussion
Validating resolver and trust anchors
Hi, I am trying to configure my F5 as a validating resolver. I am running 14.0 with a lab license so DNS is licensed. I am able to successfully resolve when using a transparent cache and a pool of DNS servers. I am able to successfully resolve when using a resolver cache. However, when trying to configure a validating resolver cache I am lost. If I am using a pool of dns servers which includes 8.8.8.8, what trust anchor should I configure? Also, what is the difference between a trust anchor and a dlv anchor? Do I need both? I have attempted to use the root trust anchors but I have no idea if that is correct either.
Root trust anchors I used.
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
- Dev_56330Cirrus
So while troubleshooting and making a ton of changes I am now able to resolve while using the validation resolver cache. To test what may have been the issue I removed the trust and dlv anchors and it is still resolving. If that is the case, what is the point of the trust anchors? Even if I don't have trust anchors should gtm still resolve recursive lookups when using a validating resolver cache?
- Dev_56330Cirrus
Since these trust anchors are from iana.org, the root DNS I have removed all DNS servers and I am using root hints only. Still no luck.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com