On Thu, 19 Jan 2012, Axel Rau wrote:
Am 18.01.2012 um 23:54 schrieb Evan Hunt:
I tried the example from page 23 with a local zone, a trusted key and
inline-signing, like:
[...]
But I'm getting no ad-flag:
That's normal; authoritative servers don't set the AD bit, validating
resolvers do. (
Am 18.01.2012 um 23:54 schrieb Evan Hunt:
>> I tried the example from page 23 with a local zone, a trusted key and
>> inline-signing, like:
>> [...]
>> But I'm getting no ad-flag:
>
> That's normal; authoritative servers don't set the AD bit, validating
> resolvers do. (There's not much point i
> I tried the example from page 23 with a local zone, a trusted key and
> inline-signing, ...
> But I'm getting no ad-flag
I think that is expected behavior when you query an authoritative server
directly. For example, our authoritative server:
dig @ns1.countryday.net countryday.net dnskey +dnss
> I tried the example from page 23 with a local zone, a trusted key and
> inline-signing, like:
> [...]
> But I'm getting no ad-flag:
That's normal; authoritative servers don't set the AD bit, validating
resolvers do. (There's not much point in having an authoritative server
validate its own ans
Hi all,
I tried the example from page 23 with a local zone, a trusted key and
inline-signing, like:
---
trusted-keys {
"example.com." 257 3 5
"AwEAAd5l859ggW8ZpVAQxEmugl+N/klWH+kFpcoQYGd3ngB6381lva2E
IUXa2iOxJPmvYut96zUqhprlUfuEBvhU21Dd8dv7rr3Q5a+UT5XA9fUe
8ebpRn+R2YT/WPJPnwww1pEaA0DIU
5 matches
Mail list logo
