On Wed, May 30, 2012 at 06:35:56PM +0400, Nikolay Shaplov wrote:
> I am trying to validate DNSSEC signature of top level zone using dig.
"dig +sigchase" is known to have serious flaws (that's why it's not
compiled in to BIND 9 by default). Our long-term plan has been to rewrite
it completely. So
I am trying to validate DNSSEC signature of top level zone using dig.
I do the following:
dig +nocomments +nostats +nocmd +noquestion -t dnskey . > trusted-key.key
dig +topdown +sigchase +trusted-key=./trusted-key.key +multiline com
and get the result like this:
[-many line skippe
2 matches
Mail list logo
