[dns-operations] VirtualBox NAT breaking DNSSEC validation ?
mthompson at hexwave.com
Mon Nov 8 19:29:43 UTC 2010
I am running VirtualBox on Snow Leopard with an XP guest. I have it
configured with vbox NAT, and I have a recursive DNS server on a
separate LAN through a router.
Using dig +dnssec @<dnssec recursive server> isc.org, I am able to get a
response with AD set and a 1458 byte response, so it appears to be
handling EDNS and >512 byte responses properly through NAT.
Can you describe your configuration a bit more? Are you performing
recursion/validation within the VM, or are you sending a recursion
desired message to an external recursive server?
A pcap dump of vbox communication would also be useful.
HexWave Software Systems
> Hi all,
> I am building a set of virtual machines for a DNSSEC training course
> I will be teaching early next year. These VMs are right now running
> under VirtualBox on a MacOSX (Snow Leopard) host.
> I've noticed that if I configure the VMs' network to be "bridged",
> DNSSEC validation works just fine, but if I move it behind
> VirtualBox's NAT, I start getting "broken trust chain" messages and
> most queries fail.
> Any comments will be greatly appreciated!
> Carlos M. Martinez-Cagnazzo
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
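
Added example, not part of the original thread or written by either poster: a wire-level version of the check described in the reply above (AD flag set, EDNS present, response larger than 512 bytes), usable on DNS payloads pulled from a pcap. The function names and the sample messages are constructed for illustration.

```python
import struct

def build_query(name, qtype=1, udp_size=4096, do=True):
    """Build a DNS query carrying an EDNS0 OPT record; DO asks for DNSSEC data."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = ext-rcode/version/DO+Z
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000 if do else 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def summarize(msg):
    """Extract the fields that matter when DNSSEC breaks behind a middlebox."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    edns = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:  # OPT pseudo-record
            edns = {"udp_size": rclass, "do": bool(ttl & 0x8000)}
    return {"size": len(msg), "ad": bool(flags & 0x0020), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "edns": edns, "over_512": len(msg) > 512}

def constructed_reply(query, ad=True, keep_opt=True):
    """Constructed sample: an empty reply derived from the query, optionally
    with the OPT record (last 11 bytes) and the AD flag removed."""
    flags = 0x8180 | (0x0020 if ad else 0)  # QR, RD, RA, plus AD if requested
    body = query[12:] if keep_opt else query[12:-11]
    counts = (1, 0, 0, 1 if keep_opt else 0)
    return struct.pack("!HHHHHH", 0x1234, flags, *counts) + body

if __name__ == "__main__":
    q = build_query("isc.org")
    print(summarize(constructed_reply(q)))                           # EDNS and AD intact
    print(summarize(constructed_reply(q, ad=False, keep_opt=False)))  # EDNS and AD missing
```

Comparing the summary of the same reply captured on the bridged and NAT paths shows whether the OPT record, the AD flag or the payload size changed in between.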