dig -- only RRSIG present.
dE .
de.techno at gmail.com
Mon Feb 13 14:48:20 UTC 2012
On 02/13/12 18:57, Spain, Dr. Jeffry A. wrote:
>>> Ok, thanks a lot. I thought it was a client process. Now I can query
>>> for the DS, DNSKEY records from isc.org.
>>> Final question -- bind.odvr.dns-oarc.net is a cache right? Does bind
>>> has such a caching program? Do we have a DNSSEC capable resolver in BIND?
>> Bind *is* a caching program.
>> Yes, bind is a DNSSEC-capable resolver.
> Given your interest in the internals of the DNSSEC validation process, you should consider building your own bind recursive resolver. You could use wireshark to see all the information flow between it and the various authoritative servers it queries following a 'dig @localhost ...' command. You could use 'rndc flush' between queries so that the cache does not obscure what is happening. Jeff.
>
Yes, that's on the way. DNS server/cache using BIND tools. I already
know how to do it with djbdns.
Thanks for all the help!! :-)
More information about the bind-users
mailing list