[Unbound-users] dnssec via forwarder
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Thu Dec 2 13:56:57 UTC 2010
Zitat von Andreas Schulze <andreas.schulze at datev.de>:
> Am 02.12.2010 13:07 schrieb lst_hoe02 at kwsoft.de:
>> You could start by checking "by-hand" eg. with
>> dig @remote-resolver some-secured.site +dnssec
>> and
>> dig @local-resolver some-secured.site +dnssec
>
> Good point!
> dig @::1 dnssec-validator.cz +dnssec does not contain ad
> dig @external_resolver does.
>
>> If you get the "ad" in the resulting dig output DNSSEC validation succeed.
> Of cource I have to *enable* DNSSEC validation.
> I just forgot the root trustanchor in my local unbound.
In many cases the obvious is the most difficult to find ;-)
Glad to help DATEV on the way to DNSSEC
Regards
Andreas
More information about the Unbound-users
mailing list