Am 02.12.2010 13:07 schrieb [email protected]: > You could start by checking "by-hand" eg. with > dig @remote-resolver some-secured.site +dnssec > and > dig @local-resolver some-secured.site +dnssec
Good point! dig @::1 dnssec-validator.cz +dnssec does not contain ad dig @external_resolver does. > If you get the "ad" in the resulting dig output DNSSEC validation succeed. Of cource I have to *enable* DNSSEC validation. I just forgot the root trustanchor in my local unbound. Thanks! -- Andreas Schulze Internetdienste | P532 DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
