How to Setup DNSSEC
pangj
pangj at riseup.net
Wed Oct 17 02:48:19 UTC 2012
Hi,
$ dig +dnssec udp53.org soa
; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 11
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;udp53.org. IN SOA
;; ANSWER SECTION:
udp53.org. 3600 IN SOA blox.wetworks.org.
alan.clegg.com. 1259962123 86400 3600 2419200 300
udp53.org. 3600 IN RRSIG SOA 8 2 3600
20121030214830 20121016204830 48948 udp53.org.
eVftM2Iu4Q/pn0AVW3EXYricq2BagrleTAbQvAtbqOOj3UgSzQHwxR/i
2zOTayebAx65K7mDql1qXaXUh7GAj1fmjKiaf1YR4QR1RHg2tV5dFEuP
j6bha3QD0YfxS8pPGywsNeLn+6BwM2FrSOKefvc1S/GAv6y9ei/gj8qG 94Y=
from the result above, I didn't see a AD flag setted. why?
The nameserver in /etc/resolv.conf is 119.147.163.133 which is a
stardard BIND.
$ dig txt chaos version.bind @119.147.163.133 +short
"9.6.1-P2"
thanks.
于 2012-10-17 6:31, Alan Clegg 写道:
> You can still find it at ISC:http://www.isc.org/files/DNSSEC_in_6_minutes.pdf
>
> It is a bit long in the tooth. I'll be updating it soon to cover the work done by ISC in BIND 9.9
>
> All are welcome to propose titles for this new work.
More information about the bind-users
mailing list