Secure zone acting insecure
Jim Reid
jim at rfc1035.com
Mon Apr 30 09:23:59 UTC 2001
>>>>> "tinuviel" == tinuviel <tinuviel at another.com> writes:
>> Do you get the AD (Authentic Data) bit set on the answers for
>> this zone? That tells you the name server believes the zone has
>> been signed OK.
tinuviel> how you reconise the Authentic Data ?
The SIG (and maybe KEY and NXT) records that come back in the reply.
Each RRset has a SIG record which contains a digital signature of the
data that were signed. If the signature(s) fail to validate correctly
then the data they "sign" can't be considered authentic.
More information about the bind-users
mailing list