Zitat von Andreas Schulze <[email protected]>:
Am 02.12.2010 13:07 schrieb [email protected]:
You could start by checking "by-hand" eg. with
dig @remote-resolver some-secured.site +dnssec
and
dig @local-resolver some-secured.site +dnssec
Good point!
dig @::1 dnssec-validator.cz +dnssec does not contain ad
dig @external_resolver does.
If you get the "ad" in the resulting dig output DNSSEC validation succeed.
Of cource I have to *enable* DNSSEC validation.
I just forgot the root trustanchor in my local unbound.
In many cases the obvious is the most difficult to find ;-)
Glad to help DATEV on the way to DNSSEC
Regards
Andreas
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
