It is working.
--
$ dig test.nknsec.in +dnssec
; <<>> DiG 9.8.1 <<>> test.nknsec.in +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4578
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL:
Hello,
The authoritative NS for nknsec.in. *does* give answers with corresponding
RRSIGs !
$ dig @ns1.nknsec.in. test.nknsec.in. +dnssec +short
10.1.27.25
A 5 3 360 20120204072952 20120105072952 16755 test.nknsec.in.
DcLPb3hVDqal64UQe3Vk4NjbMRwSSWHNy4r/Bk42M2WQLZYBt9p7NpIT
6g1AVdP2vyFs2q4CbA
IP - 6259
Operation And Routing Unit
NIC , NEW DELHI
From: Marc Lampo [mailto:marc.la...@eurid.eu]
Sent: Wednesday, January 11, 2012 12:52 PM
To: 'Gaurav kansal'; bind-users@lists.isc.org
Subject: RE: DNSSEC authentication and ad parameter
Hello,
The authoritative NS for nkn
On 11/01/2012 11:13, Gaurav kansal wrote:
Hi Gaurav,
> Now, I understand why I was not getting my “AD” flag set in query response.
>
> I tried from google dns (8.8.8.8) also but didn’t get “AD” bit set. This may
> be because 8.8.8.8 might not be configured for DLV validation.
>
> Is there any o
> I tried from google dns (8.8.8.8) also but didnt get AD bit set. This may
> be because 8.8.8.8 might not be configured for DLV validation.
Google's DNS servers don't do proper DNSSEC validation.
> Is there any open dns available from which I can check my domain for AD
> flag set??
> DNS OARC runs a pair of validating servers, open to the public.
It appears their BIND server has DLV anchor configured, but their
Unbound instance doesn't.
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
Ya.
It also appears the same to me.
-Original Message-
From: Jan-Piet Mens [mailto:jpm...@gmail.com] On Behalf Of Jan-Piet Mens
Sent: Wednesday, January 11, 2012 5:00 PM
To: bind-users@lists.isc.org
Cc: Gaurav kansal
Subject: Re: DNSSEC authentication and ad parameter
> DNS O
kansal
Cc: bind-users@lists.isc.org
Subject: Re: DNSSEC authentication and ad parameter
On 11/01/2012 11:13, Gaurav kansal wrote:
Hi Gaurav,
> Now, I understand why I was not getting my "AD" flag set in query
response.
>
> I tried from google dns (8.8.8.8) also but didn't
8 matches
Mail list logo
