Validating a DNSSEC installation
Jeremy C. Reed
jreed at isc.org
Thu Jun 11 22:19:55 UTC 2009
On Thu, 11 Jun 2009, Erik Lotspeich wrote:
> Although I'm not new to DNS, I'm new to DNSSEC. I have read
> documentation and howtos regarding DNSSEC.
>
> I believe that I have it configured and working for my domain,
> lotspeich.org. I have registered with the ISC's DLV registry. I am
> having trouble finding the best way for me to validate that my setup is
> working and that my zone validates. I've looked into drill and
> dnssec-tools, but it isn't clear to me how to use these tools with ISC's
> DLV.
>
> Any help would be greatly appreciated.
Hi Erik,
For me:
dig +dnssec lotspeich.org
does return RRSIG but no "ad" (authenticated data) flag.
lotspeich.org.dlv.isc.org doesn't yet exist in ISC's DLV.
dig +dnssec lotspeich.org.dlv.isc.org DLV
for me is flagged "ad" and NXDOMAIN
(Maybe wait until served by the ISC DLV nameservers? I didn't check
internally if was registered.)
More information about the bind-users
mailing list