[ldns-users] drill -k <DS> ?

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Mar 7 12:59:28 UTC 2011


Hi Gilles,

Wouter stands corrected: the -k *is* implemented in and it *does* accept
DS records.

My guess is that you want to chase the signatures: add -S on the command
line.

Best regards,

Matthijs

On 03/07/2011 01:18 PM, W.C.A. Wijngaards wrote:
> On 03/07/2011 10:26 AM, Gilles Massen wrote:
>> Hello,
> 
>> I'm scripting a sanity check for signed zones, and would like to check
>> if the DNSKEY RR validates based on the DS I received (as a
>> pre-delegation check).
> 
>> temp.ds contains records in the form:
>> dnssec.lu.    IN      DS      21851 8 2 4cdbd90d2c6656427cb5e8e87571c704d8672a56a023df5e8a8111410a4e9176
> 
>> <keyfile> with DNSKEYs works perfectly btw.
> 
>> Any suggestions what I'm doing wrong?
> 
> This feature has not been implemented in drill.
> 
> unbound-host can verify with -f temp.ds.  It requires you give all the
> DS records at the same time when an algorithm rollover happens.
> 
> Best regards,
>    Wouter



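What "the DNSKEY validates based on the DS" means at the record level, as an added example that is not part of the original messages or of ldns: the DS must carry the DNSKEY's key tag and algorithm, and its digest must equal the hash of the owner name plus the DNSKEY RDATA (RFC 4034). The function names, the `example.test.` owner and the key bytes are constructed for illustration; checking the RRSIG over the DNSKEY RRset is a separate step and is not done here.

```python
import hashlib

# DS digest types (RFC 4034, RFC 4509, RFC 6605) mapped to hashlib names.
DIGESTS = {1: "sha1", 2: "sha256", 4: "sha384"}

def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, raw public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + public_key

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum((b << 8) if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata, digest_type):
    """Return (key_tag, algorithm, digest_type, hex_digest) for a DNSKEY."""
    h = hashlib.new(DIGESTS[digest_type], name_to_wire(owner) + rdata)
    return key_tag(rdata), rdata[3], digest_type, h.hexdigest()

def parse_ds(line):
    """Parse 'owner [ttl] [IN] DS tag alg type hex...'; the digest may be wrapped."""
    fields = line.split()
    i = fields.index("DS")
    tag, alg, dtype = (int(x) for x in fields[i + 1:i + 4])
    return fields[0], (tag, alg, dtype, "".join(fields[i + 4:]).lower())

def ds_matches(ds_line, rdata):
    """True only if key tag, algorithm and digest all match the DNSKEY."""
    owner, ds = parse_ds(ds_line)
    if ds[2] not in DIGESTS:
        return False  # unsupported digest type: treat as no match
    return make_ds(owner, rdata, ds[2]) == ds

# Constructed sample: a KSK-flagged (257) algorithm 8 key with made-up key bytes.
SAMPLE_KEY = dnskey_rdata(257, 3, 8, bytes([1, 2, 3, 4]))
SAMPLE_DS = "example.test. IN DS %d %d %d %s" % make_ds("example.test.", SAMPLE_KEY, 2)

if __name__ == "__main__":
    print(SAMPLE_DS, ds_matches(SAMPLE_DS, SAMPLE_KEY))
```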