Thanks Casey!
The link to dnsviz.net also explains part of why I was getting
confused. It appears that there are not any DS records at the root
(yet?) for the .gov level. This explains why when I did a dig with
+sigchase +topdown options it was failing to validate way earlier in the
chain.
On Wed, Sep 15, 2010 at 7:34 AM, Timothy Holtzen wrote:
> I am having trouble resolving the host name cod.ed.gov which I believe
> may be dnssec related
...
> in my logs I am getting the messages:
>
> validating @0x2ab727eb5810: cod.ed.gov A: got insecure response; parent
> indicates it should
2 matches
Mail list logo
