Maintained by: NLnet Labs

[Unbound-users] dnssec via forwarder

Andreas Schulze
Thu Dec 2 14:43:46 CET 2010


Am 02.12.2010 13:07 schrieb lst_hoe02 at kwsoft.de:
> You could start by checking "by-hand" eg. with
> dig @remote-resolver some-secured.site +dnssec
> and
> dig @local-resolver some-secured.site +dnssec

Good point!
dig @::1 dnssec-validator.cz +dnssec does not contain ad
dig @external_resolver does.

> If you get the "ad" in the resulting dig output DNSSEC validation succeed.
Of cource I have to *enable* DNSSEC validation.
I just forgot the root trustanchor in my local unbound.

Thanks!

-- 
Andreas Schulze
Internetdienste | P532

DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen