Maintained by: NLnet Labs

[Unbound-users] dnssec via forwarder

lst_hoe02 at
Thu Dec 2 14:56:57 CET 2010

Zitat von Andreas Schulze <andreas.schulze at>:

> Am 02.12.2010 13:07 schrieb lst_hoe02 at
>> You could start by checking "by-hand" eg. with
>> dig @remote-resolver +dnssec
>> and
>> dig @local-resolver +dnssec
> Good point!
> dig @::1 +dnssec does not contain ad
> dig @external_resolver does.
>> If you get the "ad" in the resulting dig output DNSSEC validation succeed.
> Of cource I have to *enable* DNSSEC validation.
> I just forgot the root trustanchor in my local unbound.

In many cases the obvious is the most difficult to find ;-)

Glad to help DATEV on the way to DNSSEC