On Wed, 25 Apr 2012, William SAMEN wrote:

Hi, all Bind'ers
I'm just trying to write a bash script which allows me to collect a list of 
zones which are signed with DNSSEC by giving a file of requests as an argument.
So my problem is that I created my personal DNS with 3 signed zones. When I'm 
testing, all is good, but when I made a dig +dnssec on the gandi.net domain (for 
example) my DNS server didn't return an RRSIG in the answer section. Is that OK?
Do you think I made a mistake in my named configuration? Recursion is working 
very well, but
how can I know that a zone or domain has been signed? Is a dig +dnssec 
the best or the only way to know that?

Assuming your system uses a DNSSEC configured resolver with the root
key, and with "signed" you really mean "secure" (that is with a DS or
DLV trust path), you can use:

[paul@thinkpad ~]$ dig +dnssec nohats.ca|grep flags |grep "ad;"
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 7
[paul@thinkpad ~]$ echo $?
0
[paul@thinkpad ~]$ dig +dnssec foobar.ca|grep flags |grep "ad;"
[paul@thinkpad ~]$ echo $?
1

Paul
Thanks for your help!!!


William Thierry SAMEN
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
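
A sketch of the script asked about in this thread, built on the AD-flag check from the reply. It is an added example, not code from either poster; the function names, the LOOKUP variable and the second sample header line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify names from a file by the AD (Authenticated Data) flag.
# As the reply assumes, AD only reflects validation done by the resolver queried.
# LOOKUP is the command run per name; the default is the dig call from the thread.
LOOKUP=${LOOKUP:-dig +dnssec}

# Sample header lines: the first is the one shown in the thread, the second
# is constructed to represent an answer without the AD flag.
SAMPLE_SECURE=';; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 7'
SAMPLE_PLAIN=';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'

# has_ad_flag: read dig output on stdin; succeed if the header flags include "ad".
# The flag is matched as a whole word, so it need not be the last one before ";"
# (grep "ad;" would miss a header such as "qr rd ra ad cd;").
has_ad_flag() {
    awk '
        /^;; flags:/ {
            sub(/^;; flags:/, ""); sub(/;.*/, "")
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# classify_names FILE: one name per line; blank lines and #-comments are skipped.
# Prints "secure NAME" when the resolver set AD, otherwise "not-validated NAME"
# (which covers unsigned zones, lookup failures and non-validating resolvers).
classify_names() {
    while IFS= read -r name || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        if $LOOKUP "$name" 2>/dev/null | has_ad_flag; then
            printf 'secure %s\n' "$name"
        else
            printf 'not-validated %s\n' "$name"
        fi
    done < "$1"
}

# Usage: classify_names names.txt
```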
