How to validate DNSSEC signed record with dig?

Tony Finch dot at dotat.at
Mon Feb 6 13:07:07 UTC 2012


Spain, Dr. Jeffry A. <spainj at countryday.net> wrote:
>
> Checking your two name servers, 8.8.8.8 (google-public-dns-a.google.com)
> doesn't appear to offer DNSSEC validation, and 78.46.213.227
> (rms.coozila.com) doesn't respond to my query at all.

It's worse than that. Google Public DNS doesn't support DNSSEC at all, so
you cannot use it to query DNSSEC records. DNSSEC requires resolvers to
handle RRSIG and DS records in special ways even if they are not
validating the signatures.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
North Utsire, South Utsire: Cyclonic mainly southerly or southeasterly, 5 to
7, occasionally gale 8 in east at first. Rough. Rain or snow. Moderate or
poor.



More information about the bind-users mailing list