Zitat von Andreas Schulze <andreas.schulze at datev.de>: > Am 02.12.2010 13:07 schrieb lst_hoe02 at kwsoft.de: >> You could start by checking "by-hand" eg. with >> dig @remote-resolver some-secured.site +dnssec >> and >> dig @local-resolver some-secured.site +dnssec > > Good point! > dig @::1 dnssec-validator.cz +dnssec does not contain ad > dig @external_resolver does. > >> If you get the "ad" in the resulting dig output DNSSEC validation succeed. > Of cource I have to *enable* DNSSEC validation. > I just forgot the root trustanchor in my local unbound. In many cases the obvious is the most difficult to find ;-) Glad to help DATEV on the way to DNSSEC Regards Andreas