> I tried from google dns (8.8.8.8) also but didn't get AD bit set. This may
> be because 8.8.8.8 might not be configured for DLV validation.

Google's DNS servers don't do proper DNSSEC validation.

> Is there any open dns available from which I can check my domain for AD
> flag set?????????????

Not to my knowledge, but I've just tried for you, and it looks fine:

$ dig +multiline +dnssec test.nknsec.in
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20577
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
                   ^^
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;test.nknsec.in. IN A

;; ANSWER SECTION:
test.nknsec.in. 360 IN A 10.1.27.25
test.nknsec.in. 360 IN RRSIG A 5 3 360 20120204072952 (
                20120105072952 16755 test.nknsec.in.
                DcLPb3hVDqal64UQe3Vk4NjbMRwSSWHNy4r/Bk42M2WQ
                LZYBt9p7NpIT6g1AVdP2vyFs2q4CbA/QLUMeVWptvHBN
                ZcA8/M4DpW5GpsOmC3SeZe01lCUzbANN/+NNg/PwHsPh
                LUOEatmjZxfrU3lGpxXFF527ohzxXatZdX48lsM= )
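
Added example, not part of the original message: a Python sketch of where the two flags in the dig output above live on the wire, `ad` in the header flags word and `do` in the EDNS0 OPT record that `+dnssec` attaches. The function names are hypothetical, and the sample headers are constructed from the values dig printed (id 20577, counts 1/2/2/1).

```python
import struct

# DNS header flag masks (RFC 1035, RFC 4035)
QR, RD, RA, AD, CD = 0x8000, 0x0100, 0x0080, 0x0020, 0x0010
DO = 0x8000  # "DNSSEC OK" bit in the flags half of the EDNS0 OPT TTL (RFC 3225)

def build_query(name, qtype=1, qid=0x1234, udp_size=4096):
    """Build a query like `dig +dnssec`: RD set, plus an OPT record with DO."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 1)  # QD=1, AR=1 (the OPT)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size,
    # TTL = ext-rcode(8) | version(8) | flags(16), RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, DO, 0)
    return header + question + opt

def header_flags(msg):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "ad": bool(flags & AD),
            "cd": bool(flags & CD), "rcode": flags & 0x000F,
            "counts": (qd, an, ns, ar)}

def resolver_validated(msg):
    """True only for a NOERROR response in which the resolver set AD."""
    f = header_flags(msg)
    return f["qr"] and f["rcode"] == 0 and f["ad"]

# Constructed sample headers: same id and counts as the dig output,
# once with "qr rd ra ad" and once as a non-validating resolver would answer.
VALIDATED = struct.pack("!HHHHHH", 20577, QR | RD | RA | AD, 1, 2, 2, 1)
NOT_VALIDATED = struct.pack("!HHHHHH", 20577, QR | RD | RA, 1, 2, 2, 1)

if __name__ == "__main__":
    print(header_flags(VALIDATED))
    print(resolver_validated(VALIDATED), resolver_validated(NOT_VALIDATED))
    print(build_query("test.nknsec.in").hex())
```

AD is the resolver's own assertion and is not protected in transit, so it is meaningful only when the path to that resolver is trusted.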