How to validate DNSSEC signed record with dig?

2012-02-05 Thread Nikolay Shaplov
Hi! I am trying to validate DNSSEC signature on ns record using dig. Domain nox.su is properly signed using DNSSEC. Prove link: http://dnssec-debugger.verisignlabs.com/nox.su I am trying to validate it as dicribed here: http://bryars.eu/2010/08/validating-and-exploring-dnssec-with-dig/ $

Dig fails to validate signature chains of TLD zones

2012-05-30 Thread Nikolay Shaplov
I am trying to validate DNSSEC signature of top level zone using dig. I do the following: dig +nocomments +nostats +nocmd +noquestion -t dnskey . trusted-key.key dig +topdown +sigchase +trusted-key=./trusted-key.key +multiline com and get the result like this: [-many line

How to validate SRV record?

2012-08-23 Thread Nikolay Shaplov
Hi! I am trying to write a validator for name field of SRV record, and I met several issues I can not understand. May be you can help me with that. 0. Bind does not really validate name of SRV record: _te__st_._te--st!?.rrr!e is considered to be correct record. (BIND 9.7.3) So I can not use