Eduardo Júnior wrote:

> is it possible to configure dnssec only between 2 name servers, first is
> the authoritative and second is the recursive? The authoritative name
> server would have zones signed and the recursive will do queries and
> validation.

Sure, why not?

I personally prefer my setup whereby I have included the IANA testbed: https://ns.iana.org/dnssec/status.html. In other words, I use their root hints and zonefiles in my test-environment. In fact, I even managed to get an apparently valid chain of trust all the way up to my 'home.forfunsec.org' testdomain with it. Quite instructive and fun to play with. :-)

> And using dig (properly compiled and configured) makes
> requests to recursive and validation occurs correctly?

Yep, that sounds like it should work. But you might like 'drill', from NLnet Labs: http://www.nlnetlabs.nl/projects/ldns/

(sorry, for being a bit off-topic here)

Regards,

--
Marco Davids
SIDN

_______________________________________________
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
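Added example, not part of the original thread: one way to check from dig's output whether the recursive server actually validated an answer, by reading the response status and the AD flag. The function name `dnssec_status`, the labels it prints, and the sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies a dig response read from stdin:
#   secure          - AD (Authenticated Data) flag set: the recursive server validated the answer
#   insecure        - answer without AD: zone unsigned, or no trust anchor covers it
#   bogus-or-failed - SERVFAIL: what a validating resolver returns when validation fails
#                     (other failures also give SERVFAIL; re-query with +cdflag to tell them apart)
# dig is not validating here; AD is the resolver's claim, so rely on it only over a trusted path.
# Typical use: dig +dnssec @<recursive-server> <name> A | dnssec_status
dnssec_status() {
    awk '
        /^;; ->>HEADER<<-/ {
            # Header line carries the response code, e.g. "status: NOERROR"
            if (match($0, /status: [A-Z]+/))
                status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            # Keep only the flag tokens between "flags:" and the first ";"
            flags = $0
            sub(/^;; flags: */, "", flags)
            sub(/;.*/, "", flags)
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "ad") ad = 1   # exact token match, so "rd" does not count
        }
        END {
            if (status == "")               print "unparsed"
            else if (status == "SERVFAIL")  print "bogus-or-failed"
            else if (ad)                    print "secure"
            else                            print "insecure"
        }
    '
}

# Constructed sample dig headers (not captured from a real server).
SAMPLE_SECURE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_INSECURE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_BOGUS=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

for sample in "$SAMPLE_SECURE" "$SAMPLE_INSECURE" "$SAMPLE_BOGUS"; do
    printf '%s\n' "$sample" | dnssec_status
done
```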

