> But another question remains, where's the DNSKEY record which's the missing > link as of the current time. > Querying -- > dig +dnssec -t DNSKEY yahoo.com @198.41.0.4 > Does not return anything.
I think that yahoo.com is probably not a DNSSEC-signed zone and so has no DNSKEY records. Otherwise the query below would return DNSSEC-related records and probably an AD flag. By the way, bind.odvr.dns-oarc.net is a publicly-available DNSSEC-enabled recursive resolver that is good to use for testing purposes. See https://www.dns-oarc.net/oarc/services/odvr. Jeff PS C:\> dig '@bind.odvr.dns-oarc.net.' yahoo.com +dnssec ; <<>> DiG 9.9.0rc2 <<>> @bind.odvr.dns-oarc.net. yahoo.com +dnssec ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6844 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 5, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;yahoo.com. IN A ;; ANSWER SECTION: yahoo.com. 3600 IN A 72.30.2.43 yahoo.com. 3600 IN A 98.137.149.56 yahoo.com. 3600 IN A 98.139.183.24 yahoo.com. 3600 IN A 209.191.122.70 ;; AUTHORITY SECTION: yahoo.com. 161515 IN NS ns1.yahoo.com. yahoo.com. 161515 IN NS ns5.yahoo.com. yahoo.com. 161515 IN NS ns4.yahoo.com. yahoo.com. 161515 IN NS ns3.yahoo.com. yahoo.com. 161515 IN NS ns2.yahoo.com. ;; Query time: 795 msec ;; SERVER: 2001:4f8:3:2bc:1:0:64:20#53(2001:4f8:3:2bc:1:0:64:20) ;; WHEN: Sun Feb 12 23:39:39 2012 ;; MSG SIZE rcvd: 192 _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users