绑定：设置 DLV：命名认为区域记录记录超出区域

转发区域文件：

$TTL 3600;

@ IN SOA ns1.sub.db.archives.net. hostmaster.sub.db.archives.net. (2014112100,4h,1h,7d,1h)

$ORIGIN dlv.isc.org. 
dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh

$ORIGIN sub.db.archives.net
        IN  NS  ns1.sub.db.archives.net.
        IN  NS  ns1.db.archives.net.

ns1     IN  A   10.103.35.64
luke        IN  A   10.103.35.64
bo      IN  A   10.103.35.65
daisy       IN  A   10.103.35.66
sheriff     IN  A   10.103.35.67
boss        IN  A   10.103.35.68

dlv.sub.db.archives.net. 0 IN TXT "DLV:1:agnznsezdrch"

$INCLUDE Ksub.db.archives.net.+008+21243.key
$INCLUDE Ksub.db.archives.net.+008+23059.key

我使用 dnssec-signzone 命令签署文件：

dnssec-signzone -l dlv.isc.org -o sub.db.archives.net。 -N 增量 -k Ksub.db.archives.net.+008+23059 sub.db.archives.net.fwd Ksub.db.archives.net.+008+21243

错误来自service named start：

/etc/named/master/sub.db.archives.net.fwd.signed:79: ignoring out-of-zone data (dlv.isc.org)
...
zone sub.db.archives.net/IN: has no NS records
zone sub.db.archives.net/IN: not loaded due to errors.
_default/sub.db.archives.net./IN: bad zone
/etc/named/master/sub.db.archives.net.rev:11: ignoring out-of-zone data (dlv.isc.org)
/etc/named/master/sub.db.archives.net.rev:17: ignoring out-of-zone data (64.sub.db.archives.net)
/etc/named/master/sub.db.archives.net.rev:18: ignoring out-of-zone data 
...
dns_master_load: /etc/named/master/sub.db.archives.net.rev:24: Ksub.db.archives.net.+008+21243.key: file not found

我查看了我的签名区域文件：

boss.sub.db.archives.net.dlv.isc.org.   3600 IN A 10.103.35.68
...

难怪找不到记录。但我不明白为什么会发生这种情况。我也不明白如何通过域后备验证来验证子网络

我确实尝试验证，假装该网络是 dlv.isc.org 的子网，可以预见的是，它告诉我们委托区域中没有记录。

我该怎么做？

我按照以下指示进行操作https://dlv.isc.org/about/using