[ldns-users] drill -k <DS> ?
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Mon Mar 7 12:18:27 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/07/2011 10:26 AM, Gilles Massen wrote:
> Hello,
>
> I'm scripting a sanity check for signed zones, and would like to check
> is the DNSKEY RR validates based on the DS I received (as a
> pre-delegation check).
> temp.ds contains records in the form:
> dnssec.lu. IN DS 21851 8 2
> 4cdbd90d2c6656427cb5e8e87571c704d8672a56a023df5e8a8111410a4e9176
>
> <keyfile> with DNSKEYs works perfectly btw.
>
> Any suggestions what I'm doing wrong?
This feature has not been implemented in drill.
unbound-host can verify with -f temp.ds. It requires you give all the
DS records at the same time when an algorithm rollover happens.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk10zRMACgkQkDLqNwOhpPhh9QCfYBUgldX6tmLHocbh0zYA4d5w
WfEAn0Bgs4uuGJUbLgY/wXkf2elWhi49
=a4Yj
-----END PGP SIGNATURE-----
More information about the ldns-users
mailing list