Public bug reported: dig, as supplied, will not validate a DNSSEC domain.
The +sigchase option should cause validation to occur but it does not. As noted in http://bryars.eu/2010/08/validating-and-exploring-dnssec- with-dig/ if a file called 'trusted-key.key' is present then dig will use that. By default dig will look in /etc/trusted-key.key and then the current directory. By supplying the file /etc/trusted-key.key, dig's signature checking will work out of the box. Thanks, Anand ** Affects: bind9 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1406729 Title: dig does not have a default trusted key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1406729/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs