[ldns-users] drill difference between chasing and tracing
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Feb 28 13:56:54 UTC 2014
Hi!
-T Trace name from the root down. When using this option the
@server and the type arguments are not used.
-S Chase the signature(s) of 'name' to a known key or as
high up in the tree as possible.
Can someone please describe the difference between tracing and chasing?
E.g. when chasing (-S), does drill only verify that the DS record in the
parent matches a DNSKEY in the child zone, or does it also verify the
the signatures of the recors? (I use it with the -k option).
Further, -T states that the type argument is not used, but it is as far
as I see
# drill -T -D -k anchors-fake-root -r db.root www.subdomain.brussels A
...
[S] www.subdomain.brussels. 300 IN A 127.0.0.1
;;[S] self sig OK; [B] bogus; [T] trusted
# drill -T -D -k anchors-fake-root -r db.root www.subdomain.brussels AAAA
...
[S] Existence denied: www.subdomain.brussels. AAAA
;;[S] self sig OK; [B] bogus; [T] trusted
Thanks
Klaus
More information about the ldns-users
mailing list