How to Setup DNSSEC

pangj pangj at riseup.net
Wed Oct 17 02:48:19 UTC 2012


Hi,

$ dig +dnssec udp53.org soa

; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 11

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;udp53.org.                     IN      SOA

;; ANSWER SECTION:
udp53.org.              3600    IN      SOA     blox.wetworks.org. 
alan.clegg.com. 1259962123 86400 3600 2419200 300
udp53.org.              3600    IN      RRSIG   SOA 8 2 3600 
20121030214830 20121016204830 48948 udp53.org. 
eVftM2Iu4Q/pn0AVW3EXYricq2BagrleTAbQvAtbqOOj3UgSzQHwxR/i 
2zOTayebAx65K7mDql1qXaXUh7GAj1fmjKiaf1YR4QR1RHg2tV5dFEuP 
j6bha3QD0YfxS8pPGywsNeLn+6BwM2FrSOKefvc1S/GAv6y9ei/gj8qG 94Y=


from the result above, I didn't see a AD flag setted. why?

The nameserver in /etc/resolv.conf is 119.147.163.133 which is a 
stardard BIND.
$ dig txt chaos version.bind @119.147.163.133 +short
"9.6.1-P2"

thanks.


于 2012-10-17 6:31, Alan Clegg 写道:
> You can still find it at ISC:http://www.isc.org/files/DNSSEC_in_6_minutes.pdf
>
> It is a bit long in the tooth.  I'll be updating it soon to cover the work done by ISC in BIND 9.9
>
> All are welcome to propose titles for this new work.




More information about the bind-users mailing list