dig -- only RRSIG present.
Spain, Dr. Jeffry A.
spainj at countryday.net
Mon Feb 13 13:27:48 UTC 2012
>> Ok, thanks a lot. I thought it was a client process. Now I can query
>> for the DS, DNSKEY records from isc.org.
>> Final question -- bind.odvr.dns-oarc.net is a cache right? Does bind
>> has such a caching program? Do we have a DNSSEC capable resolver in BIND?
> Bind *is* a caching program.
> Yes, bind is a DNSSEC-capable resolver.
Given your interest in the internals of the DNSSEC validation process, you should consider building your own bind recursive resolver. You could use wireshark to see all the information flow between it and the various authoritative servers it queries following a 'dig @localhost ...' command. You could use 'rndc flush' between queries so that the cache does not obscure what is happening. Jeff.
More information about the bind-users
mailing list