Validating a DNSSEC installation

Jeremy C. Reed jreed at
Thu Jun 11 22:19:55 UTC 2009

On Thu, 11 Jun 2009, Erik Lotspeich wrote:

> Although I'm not new to DNS, I'm new to DNSSEC.  I have read
> documentation and howtos regarding DNSSEC.
> I believe that I have it configured and working for my domain,
>  I have registered with the ISC's DLV registry.  I am
> having trouble finding the best way for me to validate that my setup is
> working and that my zone validates.  I've looked into drill and
> dnssec-tools, but it isn't clear to me how to use these tools with ISC's
> DLV.
> Any help would be greatly appreciated.

Hi Erik,

For me:

dig +dnssec
does return RRSIG but no "ad" (authenticated data) flag. doesn't yet exist in ISC's DLV.

dig +dnssec DLV
for me is flagged "ad" and NXDOMAIN

(Maybe wait until served by the ISC DLV nameservers? I didn't check 
internally if was registered.)
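The check described in the reply above, as an added example that is not part of the original message: it reads the header flags and record types of a `dig +dnssec` response and separates "RRSIG present but no ad flag" from "ad flag with NXDOMAIN". The sample output is constructed, and `example.com` and `dlv.example` are placeholder names, not the poster's zone or the DLV registry's.

```python
import re

# Constructed samples of `dig +dnssec` output (example.com and dlv.example are placeholders).
SIGNED_NO_AD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.  3600  IN  A      192.0.2.10
example.com.  3600  IN  RRSIG  A 5 2 3600 20090711000000 20090611000000 12345 example.com. c2ln
"""
DLV_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4712
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; AUTHORITY SECTION:
dlv.example.  3600  IN  SOA    ns.dlv.example. root.dlv.example. 1 7200 3600 604800 3600
dlv.example.  3600  IN  RRSIG  SOA 5 2 3600 20090711000000 20090611000000 54321 dlv.example. c2ln
"""

def classify_dig(output):
    """Read the header flags and records of one `dig +dnssec` response."""
    status = re.search(r"status: (\w+)", output)
    flags = re.search(r";; flags: ([a-z ]+);", output)
    if not status or not flags:
        raise ValueError("no dig header found in input")
    rcode = status.group(1)
    ad = "ad" in flags.group(1).split()
    # Record lines do not start with ';'; the RR type is the fourth field.
    records = (l.split() for l in output.splitlines() if l.strip() and not l.startswith(";"))
    rrsig = any(len(f) > 3 and f[3] == "RRSIG" for f in records)
    if ad and rcode == "NXDOMAIN":
        verdict = "validated-denial"       # resolver authenticated that the name does not exist
    elif ad:
        verdict = "validated"              # resolver authenticated the returned data
    elif rrsig:
        verdict = "signed-not-validated"   # signatures present, but not authenticated by this resolver
    else:
        verdict = "no-dnssec-data"
    return {"status": rcode, "ad": ad, "rrsig": rrsig, "verdict": verdict}

if __name__ == "__main__":
    for name, text in (("zone query", SIGNED_NO_AD), ("DLV query", DLV_NXDOMAIN)):
        print(name, classify_dig(text))
```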