[ldns-users] trusted-keys fileformat?
Paul Wouters
paul at xelerance.com
Tue Jun 15 15:33:14 UTC 2010
On Tue, 15 Jun 2010, Dennis Knorr wrote:
> i wanted to validate a dlv-domain which ist secured via dlv.isc.org.
> I got the key from the website, but it seems it has not the right format?
>
> I used
> https://dlv.isc.org/about/using in 3. the trusted-key with the bind-syntax.
> But i didn't find any documentation about that.
As far as I know, ldns does not do validation. For that you will need
libunbound (if you want a library) or unbound (if you want a validating resolver)
For unbound:
-bash-3.2# cat /etc/unbound/dlv.isc.org.key
; https://secure.isc.org/ops/dlv/dlv.isc.org.key
dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh
-bash-3.2# grep dlv /etc/unbound/unbound.conf
dlv-anchor-file: "/etc/unbound/dlv.isc.org.key"
# Downloaded from https://secure.isc.org/ops/dlv/dlv.isc.org.key
Paul
More information about the ldns-users
mailing list