[ldns-users] drill -k <DS> ?
Matthijs Mekking
matthijs at NLnetLabs.nl
Mon Mar 7 12:59:28 UTC 2011
Hi Gilles,

Wouter stands corrected: the -k *is* implemented in and it *does* accept
DS records.

My guess is that you want to chase the signatures: add -S on the command
line.

Best regards,
Matthijs

On 03/07/2011 01:18 PM, W.C.A. Wijngaards wrote:
> On 03/07/2011 10:26 AM, Gilles Massen wrote:
>> Hello,
>
>> I'm scripting a sanity check for signed zones, and would like to check
>> if the DNSKEY RR validates based on the DS I received (as a
>> pre-delegation check).
>
>> temp.ds contains records in the form:
>> dnssec.lu. IN DS 21851 8 2 4cdbd90d2c6656427cb5e8e87571c704d8672a56a023df5e8a8111410a4e9176
>
>> <keyfile> with DNSKEYs works perfectly btw.
>
>> Any suggestions what I'm doing wrong?
>
> This feature has not been implemented in drill.
>
> unbound-host can verify with -f temp.ds. It requires you give all the
> DS records at the same time when an algorithm rollover happens.
>
> Best regards,
> Wouter
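The pre-delegation check asked about in this thread comes down to whether a DNSKEY hashes to the digest in a received DS record (RFC 4034). The following is an added example, not code from the thread or from ldns, that performs that comparison offline for records in the temp.ds format. It covers only the DS-to-DNSKEY match, not the signature chase that -S performs, and the sample key is a constructed 4-byte dummy.

```python
import base64
import hashlib
import struct

# IANA DS digest type -> hashlib name (1 = SHA-1, 2 = SHA-256, 4 = SHA-384)
DIGESTS = {1: "sha1", 2: "sha256", 4: "sha384"}


def name_to_wire(name):
    """Canonical (lower-case) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """DNSKEY RDATA: flags, protocol, algorithm, then the raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)


def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF


def parse_ds(line):
    """Parse 'owner [ttl] [IN] DS tag alg digest-type hexdigest...'."""
    fields = line.split()
    i = fields.index("DS")
    tag, alg, dtype = (int(x) for x in fields[i + 1:i + 4])
    # The hex digest may be split by whitespace; join the pieces.
    return fields[0], tag, alg, dtype, "".join(fields[i + 4:]).lower()


def ds_matches(ds_line, rdata):
    """True if the DNSKEY RDATA hashes to the digest in the DS record."""
    owner, tag, alg, dtype, digest = parse_ds(ds_line)
    # The key tag is only a hint (tags can collide); the digest decides.
    if dtype not in DIGESTS or tag != key_tag(rdata) or alg != rdata[3]:
        return False
    h = hashlib.new(DIGESTS[dtype], name_to_wire(owner) + rdata)
    return h.hexdigest() == digest


# Constructed sample: a dummy 4-byte "key", not a real DNSKEY for any zone.
SAMPLE_KEY = dnskey_rdata(257, 3, 8, "AQIDBA==")
SAMPLE_DS = "example.test. IN DS 2063 8 2 " + hashlib.sha256(
    name_to_wire("example.test.") + SAMPLE_KEY).hexdigest()
```

During an algorithm rollover, run `ds_matches` for every DS record against every DNSKEY in the zone's key set and require at least one match per DS algorithm.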