[ldns-users] drill difference between chasing and tracing

Klaus Darilion klaus.mailinglists at pernau.at
Fri Feb 28 15:04:26 UTC 2014



On 28.02.2014 14:56, Klaus Darilion wrote:
> Hi!
>
>         -T     Trace name from the root down. When using this option the
> @server and the type arguments are not used.
>
>         -S     Chase the signature(s) of 'name' to a known key or as
> high up in the tree as possible.
>
>
> Can someone please describe the difference between tracing and chasing?
>
> E.g. when chasing (-S), does drill only verify that the DS record in the
> parent matches a DNSKEY in the child zone, or does it also verify the
> the signatures of the recors? (I use it with the -k option).

Answering myself:
-T goes from root (or root hint) up to 'name'
-S goes from 'name' down to root

But is there a difference in the quality of the result? Is one 
recommended if I want to check the proper signing of my zone?

Thanks
Klaus




More information about the ldns-users mailing list