drill && DNSSEC
Matthias Apitz
guru at unixarea.de
Mon Jul 30 09:56:56 UTC 2018
Hello,
Our FreeBSD handbook explains in https://www.freebsd.org/doc/handbook/network-dns.html
how to setup DNSSEC for a local DNS caching server. I uses, for example:
$ drill -S FreeBSD.org @10.23.47.18
;; Chasing: freebsd.org. A
Warning: No trusted keys specified
DNSSEC Trust tree:
FreeBSD.org. (A)
|---freebsd.org. (DNSKEY keytag: 18501 alg: 8 flags: 256)
|---freebsd.org. (DNSKEY keytag: 60160 alg: 8 flags: 257)
|---freebsd.org. (DS keytag: 60160 digest type: 2)
|---org. (DNSKEY keytag: 1862 alg: 7 flags: 256)
|---org. (DNSKEY keytag: 9795 alg: 7 flags: 257)
|---org. (DNSKEY keytag: 17883 alg: 7 flags: 257)
|---org. (DS keytag: 9795 digest type: 2)
| |---. (DNSKEY keytag: 41656 alg: 8 flags: 256)
| |---. (DNSKEY keytag: 19036 alg: 8 flags: 257)
|---org. (DS keytag: 9795 digest type: 1)
|---. (DNSKEY keytag: 41656 alg: 8 flags: 256)
|---. (DNSKEY keytag: 19036 alg: 8 flags: 257)
You have not provided any trusted keys.
;; Chase successful
Note: The trusted keys (flag -k ....) weren't provided.
How one gets valid trusted keys?
Thanks
matthias
--
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/ 📱 +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
More information about the freebsd-questions
mailing list