DNSSEC validation works with DLV, but not with just trusted-key
Hanno Böck
hanno at hboeck.de
Wed Nov 25 15:37:04 UTC 2009
Am Mittwoch 25 November 2009 schrieb Alan Clegg:
> There is no DS record for dnssec-tools.org in .org (chain of trust is
> broken), so you can't validate the response -- thus the data being
> passed back to you.
Ok, that explains it.
Are there any example domains with known-broken dnssec records with a full
trust chain?
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail: hanno at hboeck.de
http://schokokeks.org - professional webhosting
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20091125/4a156949/attachment.bin>
More information about the bind-users
mailing list