Thanks Casey!
The link to dnsviz.net also explains part of why I was getting
confused. It appears that there are not any DS records at the root
(yet?) for the .gov level. This explains why when I did a dig with
+sigchase +topdown options it was failing to validate way earlier in the
chain.
On Wed, Sep 15, 2010 at 7:34 AM, Timothy Holtzen wrote:
> I am having trouble resolving the host name cod.ed.gov which I believe
> may be dnssec related
...
> in my logs I am getting the messages:
>
> validating @0x2ab727eb5810: cod.ed.gov A: got insecure response; parent
> indicates it should
I am having trouble resolving the host name cod.ed.gov which I believe
may be dnssec related. If I run dig with the +cdflag option I get what
appears to be a proper response:
; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2 <<>> +cdflag cod.ed.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opco
3 matches
Mail list logo
