[ldns-users] drill difference between chasing and tracing

Klaus Darilion klaus.mailinglists at pernau.at
Fri Feb 28 13:56:54 UTC 2014


        -T     Trace name from the root down. When using this option the 
@server and the type arguments are not used.

        -S     Chase the signature(s) of 'name' to a known key or as 
high up in the tree as possible.

Can someone please describe the difference between tracing and chasing?

E.g. when chasing (-S), does drill only verify that the DS record in the 
parent matches a DNSKEY in the child zone, or does it also verify the 
the signatures of the recors? (I use it with the -k option).

Further, -T states that the type argument is not used, but it is as far 
as I see

# drill -T -D -k anchors-fake-root -r db.root www.subdomain.brussels A
[S] www.subdomain.brussels.     300     IN      A
;;[S] self sig OK; [B] bogus; [T] trusted

# drill -T -D -k anchors-fake-root -r db.root www.subdomain.brussels AAAA
[S] Existence denied: www.subdomain.brussels. AAAA
;;[S] self sig OK; [B] bogus; [T] trusted


More information about the ldns-users mailing list