drill && DNSSEC

Matthias Apitz guru at unixarea.de
Mon Jul 30 09:56:56 UTC 2018


Hello,

Our FreeBSD handbook explains in https://www.freebsd.org/doc/handbook/network-dns.html
how to set up DNSSEC for a local DNS caching server. I use, for example:

$ drill -S FreeBSD.org @10.23.47.18 
;; Chasing: freebsd.org. A
Warning: No trusted keys specified


DNSSEC Trust tree:
FreeBSD.org. (A)
|---freebsd.org. (DNSKEY keytag: 18501 alg: 8 flags: 256)
    |---freebsd.org. (DNSKEY keytag: 60160 alg: 8 flags: 257)
    |---freebsd.org. (DS keytag: 60160 digest type: 2)
        |---org. (DNSKEY keytag: 1862 alg: 7 flags: 256)
            |---org. (DNSKEY keytag: 9795 alg: 7 flags: 257)
            |---org. (DNSKEY keytag: 17883 alg: 7 flags: 257)
            |---org. (DS keytag: 9795 digest type: 2)
            |   |---. (DNSKEY keytag: 41656 alg: 8 flags: 256)
            |       |---. (DNSKEY keytag: 19036 alg: 8 flags: 257)
            |---org. (DS keytag: 9795 digest type: 1)
                |---. (DNSKEY keytag: 41656 alg: 8 flags: 256)
                    |---. (DNSKEY keytag: 19036 alg: 8 flags: 257)
You have not provided any trusted keys.
;; Chase successful

Note: The trusted keys (flag -k ....) weren't provided.

How does one get valid trusted keys?

Thanks

	matthias
-- 
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/  📱 +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
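
Added example, not part of the original post: a small Python check that reads `drill -S` output in the format quoted above, lists the keys and DS records in the chain, and reports whether the chase was tied to a trusted key. The sample is constructed from the quoted output, the names `parse_chase` and `verdict` are hypothetical, and it assumes the "No trusted keys specified" warning is absent when a key is supplied with `-k`.

```python
import re

# Constructed sample: shortened `drill -S` output in the format quoted in the post.
SAMPLE = """\
Warning: No trusted keys specified
DNSSEC Trust tree:
FreeBSD.org. (A)
|---freebsd.org. (DNSKEY keytag: 18501 alg: 8 flags: 256)
    |---freebsd.org. (DNSKEY keytag: 60160 alg: 8 flags: 257)
    |---freebsd.org. (DS keytag: 60160 digest type: 2)
        |---org. (DNSKEY keytag: 1862 alg: 7 flags: 256)
            |---org. (DNSKEY keytag: 9795 alg: 7 flags: 257)
            |---org. (DS keytag: 9795 digest type: 1)
                |---. (DNSKEY keytag: 41656 alg: 8 flags: 256)
                    |---. (DNSKEY keytag: 19036 alg: 8 flags: 257)
You have not provided any trusted keys.
;; Chase successful
"""

# Matches tree nodes such as "|---org. (DS keytag: 9795 digest type: 1)".
NODE = re.compile(r"\|---(\S+) \((DNSKEY|DS) keytag: (\d+) "
                  r"(?:alg: (\d+) flags: (\d+)|digest type: (\d+))\)")
SHA1_ALGS = {5, 7}  # RSASHA1, RSASHA1-NSEC3-SHA1 (IANA DNSSEC algorithm numbers)

def parse_chase(text):
    """Extract chain nodes and whether the chase was tied to a trusted key."""
    nodes = []
    for m in NODE.finditer(text):
        owner, rtype, tag, alg, flags, digest = m.groups()
        node = {"owner": owner.lower(), "type": rtype, "keytag": int(tag)}
        if rtype == "DNSKEY":
            # Flags 257 = zone key + SEP bit (KSK); 256 = zone key only (ZSK).
            node["role"] = "KSK" if int(flags) & 1 else "ZSK"
            node["sha1"] = int(alg) in SHA1_ALGS
        else:
            node["sha1"] = int(digest) == 1  # DS digest type 1 is SHA-1
        nodes.append(node)
    # Assumption: the warning below is absent when a key is given with -k.
    return {"anchored": "No trusted keys specified" not in text,
            "chase_ok": "Chase successful" in text,
            "nodes": nodes}

def verdict(report):
    """Treat a successful chase without a trusted key as unanchored, not valid."""
    if not report["chase_ok"]:
        return "FAIL: chase did not succeed"
    if not report["anchored"]:
        return "UNANCHORED: no trusted key supplied, chain ends at an unverified key"
    return "OK"
```
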


More information about the freebsd-questions mailing list