How to validate DNSSEC signed record with dig?
Nikolay Shaplov
n at shaplov.ru
Sun Feb 5 19:56:10 UTC 2012
Hi!
I am trying to validate DNSSEC signature on ns record using dig.
Domain nox.su is properly signed using DNSSEC. Prove link:
http://dnssec-debugger.verisignlabs.com/nox.su
I am trying to validate it as dicribed here:
http://bryars.eu/2010/08/validating-and-exploring-dnssec-with-dig/
$ dig +nocomments +nostats +nocmd +noquestion -t dnskey . > trusted-key.key
$ dig +topdown +sigchase nox.su
but it gives me ";; DSset is missing to continue validation: FAILED" error
while processing the whole hierarchy of zones.
$ cat /etc/resolv.conf
# Generated by NetworkManager
domain router
search router
nameserver 8.8.8.8
nameserver 78.46.213.227
dig is built with DIG_SIGCHASE option.
What am I doing wrong and how to do it right? :-)
More information about the bind-users
mailing list