DNSSEC authentication and ad parameter

Jan-Piet Mens jpmens.dns at gmail.com
Wed Jan 11 11:25:07 UTC 2012


> I tried from Google DNS (8.8.8.8) also but didn’t get the “AD” bit set. This may
> be because 8.8.8.8 might not be configured for DLV validation.

Google's DNS servers don't do proper DNSSEC validation.


> Is there any open DNS available from which I can check my domain for “AD”
> flag set?

Not to my knowledge, but I've just tried for you, and it looks fine:

        $ dig +multiline +dnssec test.nknsec.in

        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20577
        ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
                           ^^

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags: do; udp: 4096
        ;; QUESTION SECTION:
        ;test.nknsec.in.                IN A

        ;; ANSWER SECTION:
        test.nknsec.in.         360 IN A 10.1.27.25
        test.nknsec.in.         360 IN RRSIG A 5 3 360 20120204072952 (
                                        20120105072952 16755 test.nknsec.in.
                                        DcLPb3hVDqal64UQe3Vk4NjbMRwSSWHNy4r/Bk42M2WQ
                                        LZYBt9p7NpIT6g1AVdP2vyFs2q4CbA/QLUMeVWptvHBN
                                        ZcA8/M4DpW5GpsOmC3SeZe01lCUzbANN/+NNg/PwHsPh
                                        LUOEatmjZxfrU3lGpxXFF527ohzxXatZdX48lsM= )
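
Added example, not part of the original message: what `dig +dnssec` sends and what the `ad` flag in the reply corresponds to on the wire. It builds a query carrying the EDNS0 DO bit and decodes the header flags of a response. The function names are hypothetical, and the sample headers are constructed from the id, flags and counts shown in the dig output above.

```python
import struct

# Header flag masks (RFC 1035; AD and CD per RFC 4035)
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100,
             "ra": 0x0080, "ad": 0x0020, "cd": 0x0010}
DO_BIT = 0x8000  # EDNS0 "DNSSEC OK" flag, carried in the OPT record's TTL field

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_dnssec_query(name, qid, udp_size=4096):
    """Build an A query with RD set and an EDNS0 OPT record with DO set,
    the wire form of `dig +dnssec name`."""
    header = struct.pack("!6H", qid, FLAG_BITS["rd"], 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN
    # OPT: root name, TYPE=41, CLASS=udp size, TTL=ext-rcode|version|flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, DO_BIT, 0)
    return header + question + opt

def parse_header(msg):
    """Return id, set flags, rcode and section counts from a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": qid,
            "flags": [n for n, bit in FLAG_BITS.items() if flags & bit],
            "rcode": flags & 0x000F,
            "counts": (qd, an, ns, ar)}

def is_authenticated(msg):
    """True only for a NOERROR response whose header carries the AD bit."""
    h = parse_header(msg)
    return "qr" in h["flags"] and h["rcode"] == 0 and "ad" in h["flags"]

# Constructed samples: the 12 header bytes implied by the dig output above
# (id 20577, flags qr rd ra ad, counts 1/2/2/1) and the same header with AD cleared.
VALIDATED = struct.pack("!6H", 20577, 0x81A0, 1, 2, 2, 1)
UNVALIDATED = struct.pack("!6H", 20577, 0x8180, 1, 2, 2, 1)

if __name__ == "__main__":
    print(parse_header(VALIDATED), is_authenticated(VALIDATED))
    print(parse_header(UNVALIDATED), is_authenticated(UNVALIDATED))
```

The AD bit is the resolver's own assertion that it validated the answer, so a client should rely on it only when the resolver and the network path to it are trusted.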


