On 02/13/12 11:00, Spain, Dr. Jeffry A. wrote:
Using this DNS server, I'm still not getting the DNSKEY for any DNSSEC capable
domain; infact this server has issues -
dig +dnssec -t A dnssec.net @bind.odvr.dns-oarc.net.
I'd be really happy if I could get some domains which are signed.
Try this one: dig @bind.odvr.dns-oarc.net. isc.org +dnssec
You should get an AD flag returned and a variety of RRSIG records. Jeff.
I hope I'm not missing any concepts here, but there should be a public
key to verify the RRSIG, where's that? Shouldn't the server return
additional DNSKEY records?
Also if I replace bind.odvr.dns-oarc.net. with one of the root
nameservers, why is it that AD flag is not set? The root nameservers are
DNSSEC capable.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
