Maintained by: NLnet Labs

[Unbound-users] dnssec via forwarder

lst_hoe02 at kwsoft.de
Thu Dec 2 14:56:57 CET 2010


Zitat von Andreas Schulze <andreas.schulze at datev.de>:

> Am 02.12.2010 13:07 schrieb lst_hoe02 at kwsoft.de:
>> You could start by checking "by-hand" eg. with
>> dig @remote-resolver some-secured.site +dnssec
>> and
>> dig @local-resolver some-secured.site +dnssec
>
> Good point!
> dig @::1 dnssec-validator.cz +dnssec does not contain ad
> dig @external_resolver does.
>
>> If you get the "ad" in the resulting dig output DNSSEC validation succeed.
> Of cource I have to *enable* DNSSEC validation.
> I just forgot the root trustanchor in my local unbound.

In many cases the obvious is the most difficult to find ;-)

Glad to help DATEV on the way to DNSSEC

Regards

Andreas