dig -- only RRSIG present.
Spain, Dr. Jeffry A.
spainj at countryday.net
Mon Feb 13 04:43:56 UTC 2012
> But another question remains, where's the DNSKEY record which's the missing link as of the current time.
> Querying --
> dig +dnssec -t DNSKEY yahoo.com @198.41.0.4
> Does not return anything.
I think that yahoo.com is probably not a DNSSEC-signed zone and so has no DNSKEY records. Otherwise the query below would return DNSSEC-related records and probably an AD flag. By the way, bind.odvr.dns-oarc.net is a publicly-available DNSSEC-enabled recursive resolver that is good to use for testing purposes. See https://www.dns-oarc.net/oarc/services/odvr. Jeff
PS C:\> dig '@bind.odvr.dns-oarc.net.' yahoo.com +dnssec
; <<>> DiG 9.9.0rc2 <<>> @bind.odvr.dns-oarc.net. yahoo.com +dnssec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6844
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 5, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;yahoo.com. IN A
;; ANSWER SECTION:
yahoo.com. 3600 IN A 72.30.2.43
yahoo.com. 3600 IN A 98.137.149.56
yahoo.com. 3600 IN A 98.139.183.24
yahoo.com. 3600 IN A 209.191.122.70
;; AUTHORITY SECTION:
yahoo.com. 161515 IN NS ns1.yahoo.com.
yahoo.com. 161515 IN NS ns5.yahoo.com.
yahoo.com. 161515 IN NS ns4.yahoo.com.
yahoo.com. 161515 IN NS ns3.yahoo.com.
yahoo.com. 161515 IN NS ns2.yahoo.com.
;; Query time: 795 msec
;; SERVER: 2001:4f8:3:2bc:1:0:64:20#53(2001:4f8:3:2bc:1:0:64:20)
;; WHEN: Sun Feb 12 23:39:39 2012
;; MSG SIZE rcvd: 192
More information about the bind-users
mailing list