[Dnssec-trigger] Dnssec Problem

Bob Katz bocat01 at gmail.com
Sun Jun 10 20:04:04 UTC 2012


I have just installed dnssec–trigger on my mac 10.7.4. The problem is after
running the command dnssec–trigger–control–setup I don't know if dnssec is
enabled. After I run the dig command I do not get the ad flag and
one dnssec test website states no dnssec. However another test website
states the dnssec is enabled.  I have included in this email a terminal
output and a probe result. What am I missing ?


bash-3.2$ sudo dnssec-trigger-control-setup
setup in directory /etc/dnssec-trigger
dnssec_trigger_server.key exists
dnssec_trigger_control.key exists
create dnssec_trigger_server.pem (self signed certificate)
create dnssec_trigger_control.pem (signed client certificate)
Signature ok
Getting CA Private Key
Setup success. Certificates created.

run this script again with -i to:
- enable remote-control in unbound.conf
- start unbound-control-setup
- add root trust anchor to unbound.conf
if you have not done this already
bash-3.2$ sudo dnssec-trigger-control-setup -i
setup in directory /etc/dnssec-trigger
unbound-checkconf: no errors in /etc/unbound/unbound.conf
checking if unbound-control needs to be enabled
checking if root trust anchor needs to be enabled
check for search path in resolv.conf and edit
check for domain in resolv.conf and edit
bash-3.2$ sudo dig www.slashdot.org @

; <<>> DiG 9.7.3-P3 <<>> www.slashdot.org @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27876
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;www.slashdot.org. IN A

www.slashdot.org. 1546 IN A

slashdot.org. 84346 IN NS ns4.p03.dynect.net.
slashdot.org. 84346 IN NS ns3.p03.dynect.net.
slashdot.org. 84346 IN NS ns2.p03.dynect.net.
slashdot.org. 84346 IN NS ns1.p03.dynect.net.

;; Query time: 9 msec
;; WHEN: Sun Jun 10 15:59:11 2012
;; MSG SIZE  rcvd: 136
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/dnssec-trigger/attachments/20120610/19da5d00/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2012-06-10 at 3.56.42 PM.png
Type: image/png
Size: 30414 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/dnssec-trigger/attachments/20120610/19da5d00/attachment.png>

More information about the dnssec-trigger mailing list