DNSSEC validation works with DLV, but not with just trusted-key

Hanno Böck hanno at hboeck.de
Wed Nov 25 15:37:04 UTC 2009

Am Mittwoch 25 November 2009 schrieb Alan Clegg:
> There is no DS record for dnssec-tools.org in .org (chain of trust is
> broken), so you can't validate the response -- thus the data being
> passed back to you.

Ok, that explains it.

Are there any example domains with known-broken dnssec records with a full 
trust chain?

Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno at hboeck.de

http://schokokeks.org - professional webhosting
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20091125/4a156949/attachment.bin>

More information about the bind-users mailing list