[ldns-users] drill -k <DS> ?
Gilles Massen
gilles.massen at restena.lu
Mon Mar 7 13:53:30 UTC 2011
Hello Matthijs,
> Wouter stands corrected: the -k *is* implemented in and it *does* accept
> DS records.
Glad to hear that :)
> My guess is that you want to chase the signatures: add -S on the command
> line.
Not really. It might be possible, but chasing is too clever for my
purpose. I don't want to leave the realm of the zone/server to be
checked...climbing the DNS tree up does not fit.
Actually I want to answer a single question: "can I validate this
zone/record with the DS I have" (and the DS is for the zone, not for
anywhere up the tree).
drill -k <keyfile> with DNSKEY does exactly that, so I'm a bit back to
square one: if it does indeed accept DS records, what could I be doing
wrong? Or is the use case ( -k <ds> -D ) not supported ?
Best,
Gilles
--
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
More information about the ldns-users
mailing list