[dns-operations] VirtualBox NAT breaking DNSSEC validation ?

Matt Thompson mthompson at hexwave.com
Mon Nov 8 19:29:43 UTC 2010

Hi Carlos,

I am running VirtualBox on Snow Leopard with an XP guest. I have it
configured with vbox NAT, and I have a recursive DNS server on a
separate LAN through a router.

Using dig +dnssec @<dnssec recursive server> isc.org, I am able to get a
response with AD set and a 1458 byte response, so it appears to be
handling EDNS and >512 byte responses properly through NAT.

Can you describe your configuration a bit more? Are you performing
recursion/validation within the VM, or are you sending a recursion
desired message to an external recursive server?

A pcap dump of vbox communication would also be useful.


Matt Thompson
HexWave Software Systems

> Hi all,
> I am building a set of virtual machines for a DNSSEC training course
> I will be teaching early next year. These VMs are right now running
> under VirtualBox on a MacOSX (Snow Leopard) host.
> I've noticed that if I configure the VMs' network to be "bridged",
> DNSSEC validation works just fine, but if I move it behind
> VirtualBox's NAT, I start getting "broken trust chain" messages and
> most queries fail.
> Any comments will be greatly appreciated!
> regards
> Carlos
> -- 
> --
> =========================
> Carlos M. Martinez-Cagnazzo
> http://cagnazzo.name
> =========================
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
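
Added example, not part of either message above: a Python sketch of the checks behind the `dig +dnssec` test in the reply (response size, the AD and TC header bits, and whether the EDNS OPT record survived the path). All function names and verdict labels are hypothetical, and the reply bytes are constructed for illustration, not captured from VirtualBox.

```python
import struct

AD, TC = 0x0020, 0x0200   # header flag bits: Authenticated Data, TrunCation
DO = 0x8000               # EDNS "DNSSEC OK" bit, carried in the OPT TTL field

def encode_name(name):
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid=0x1234, udp_size=4096):
    """RD query for an A record with an OPT RR: udp_size advertised, DO set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, DO, 0)
    return header + question + opt

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def check_response(msg):
    """Extract what the dig test looks at: size, AD, TC, and the OPT record."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off, edns = 12, None
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == 41:           # OPT: class holds the UDP size, TTL the flags
            edns = {"udp_size": rclass, "do": bool(ttl & DO)}
    return {"size": len(msg), "ad": bool(flags & AD), "tc": bool(flags & TC), "edns": edns}

def verdict(r):
    if r["tc"]: return "truncated"
    if r["edns"] is None: return "edns-stripped"
    return "ok" if r["ad"] else "no-ad"

def constructed_reply(name, ad=True, edns=True, pad=600):
    """Constructed sample (not captured traffic): one padded RR, optional OPT."""
    q = build_query(name)
    qend = 12 + len(encode_name(name)) + 4
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180 | (AD if ad else 0), 1, 1, 0, int(edns))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 46, 1, 300, pad) + bytes(pad)
    return hdr + q[12:qend] + rr + (q[qend:] if edns else b"")
```

To use it on a live path, send `build_query(...)` over a UDP socket to the recursive server from inside the guest and pass the received bytes to `check_response`, once bridged and once behind NAT.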
