DNSSEC validation works with DLV, but not with just trusted-key

Alan Clegg aclegg at isc.org
Wed Nov 25 15:25:58 UTC 2009

Hanno Böck wrote:

> dig baddata-A.test.dnssec-tools.org @localhost

There is no DS record for dnssec-tools.org in .org (chain of trust is 
broken), so you can't validate the response -- thus the data being 
passed back to you.


More information about the bind-users mailing list