Hi all,
I tried the example from page 23 with a local zone, a trusted key and
inline-signing, like:
---
trusted-keys {
example.com. 257 3 5
AwEAAd5l859ggW8ZpVAQxEmugl+N/klWH+kFpcoQYGd3ngB6381lva2E
IUXa2iOxJPmvYut96zUqhprlUfuEBvhU21Dd8dv7rr3Q5a+UT5XA9fUe
I tried the example from page 23 with a local zone, a trusted key and
inline-signing, like:
[...]
But I'm getting no ad-flag:
That's normal; authoritative servers don't set the AD bit, validating
resolvers do. (There's not much point in having an authoritative server
validate its own
I tried the example from page 23 with a local zone, a trusted key and
inline-signing, ...
But I'm getting no ad-flag
I think that is expected behavior when you query an authoritative server
directly. For example, our authoritative server:
dig @ns1.countryday.net countryday.net dnskey +dnssec
3 matches
Mail list logo