dnssec-validation [ ddig_sigchase option ]

Evan Hunt each at isc.org
Wed Oct 12 19:07:37 UTC 2016


On Wed, Oct 12, 2016 at 01:56:09PM -0400, Dennis Clarke wrote:
> On 10/12/16 13:36, Evan Hunt wrote:
> > I recommend using "delv" instead.  "dig +sigchase" isn't good code.
> 
> ? well that is news to me  :-\

It's code that was contributed over ten years ago; we put it into dig
(hidden behind #ifdef's) because at the time there was no better
alternative, but we never formally supported it.  It's buggy and
broken in a number of edge cases and hasn't really kept up with the
evolution of DNSSEC.

Please try "delv" and if you find that it doesn't meet your needs,
let me know so I can try to improve it.

NLNetLabs's "drill" is also useful.

> > I expect we'll be removing it in a future release.
> 
> cool .. so ... any change in our build process here ? A configure change 
> ? Anything ?

No, delv is built and installed in BIND 9.10 and higher.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.


More information about the bind-users mailing list