> $ bin/dig/dig +sigchase +trusted-key=./root.keys tools.ietf.org. | tail -2 > ;; RRSIG is missing for continue validation: FAILED > > > and the latter failure is something that I don't understand. > If the IETF can not get DNSSEC right, who should?
tools.ietf.org is not signed (http://dnsviz.net/d/tools.ietf.org/Vx-T4Q/dnssec/). You forced dig to validate its signature but there are none. Daniel _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
