On Wed, May 30, 2012 at 06:35:56PM +0400, Nikolay Shaplov wrote:
> I am trying to validate DNSSEC signature of top level zone using dig.

"dig +sigchase" is known to have serious flaws (that's why it's not
compiled in to BIND 9 by default).  Our long-term plan has been to rewrite
it completely.  So far other work has always had higher priority, so it
hasn't happened yet, but it will.

In the meantime (much as it pains me to admit to having been outclassed :)),
the best command-line tool I'm aware of for validating signatures is
"drill", which ships as part of Unbound (http://nlnetlabs.nl).

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
