DNSSEC closed environment
Marco Davids
marco.davids at sidn.nl
Wed Jul 8 13:46:05 UTC 2009
Eduardo Júnior wrote:
> it's possible configure dnssec only between 2 name servers, first is
> the authoritative and second is the recurisve? The authoritative name
> server would have zones signed and the recursive will do querys and
> validation.
Sure, why not?
I personally prefer my setup whereby I have included the IANA testbed:
https://ns.iana.org/dnssec/status.html.
In other words, I use their root hints and zonefiles in my test-environment.
In fact, I even managed to get an appearantly valid chain of trust all
the way up to my 'home.forfunsec.org' testdomain with it. Quite
instructive and fun to play with. :-)
> And using dig (properly compiled and configured) makes
> requests to recursive and validation occurs correctly?
Yep, that sounds like it should work.
But you might like 'drill', from NlNetlabs:
http://www.nlnetlabs.nl/projects/ldns/
(sorry, for being a bit off-topic here)
Regards,
--
Marco Davids
SIDN
More information about the bind-users
mailing list