On 02/14/2012 12:46 AM, Marcel van Beurden wrote:
Hi all,
I'm new to Unbound and DNSSEC. I'm using it on my home network to serve up
my local hostnames, provide me with DNSSEC and IPv6 support.
My 1st question is a general DNSSEC question. What do I need to have on my
desktop pc to have Firefox with the DNSSEC Validator addon to validate
DNSSEC-enabled websites? I have installed Unbound on my server (Debian 6.0)
That depends on how the firefox plugin works. It may DNSSEC itself, and
merely require a DNSSEC-aware upstream resolver. Or it may require the
upstream resolver to do DNSSEC and set the "ad" flag.
and have my desktop pc (Ubuntu 11.10) use my server as DNS-server. This
does not seem to work. So I also installed Unbound on my desktop, and then
it seems to work. Is this how it's supposed to work?
Care to be more specific about what "does not seem to work" means?
With unbound on your server, you should be able to do:
dig +dnssec @server <signed name>
...and get back a response with the "ad" flag set e.g.
$ dig +dnssec org ns
...
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 7
^^ AD flag set
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
