On Tue, Feb 14, 2012 at 10:03, Phil Mayers <[email protected]> wrote: > On 02/14/2012 12:46 AM, Marcel van Beurden wrote: >> >> Hi all, >> >> I'm new to Unbound and DNSSEC. I'm using it on my home network to serve up >> my local hostnames, provide me with DNSSEC and IPv6 support. >> >> My 1st question is a general DNSSEC question. What do I need to have on my >> desktop pc to have Firefox with the DNSSEC Validator addon to validate >> DNSSEC-enabled websites? I have installed Unbound on my server (Debian >> 6.0) > > > That depends on how the firefox plugin works. It may DNSSEC itself, and > merely require a DNSSEC-aware upstream resolver.
> Or it may require the > upstream resolver to do DNSSEC and set the "ad" flag. This one, but we are thinking to move it closer to application and do validation inside DNSSEC Validator. >> and have my desktop pc (Ubuntu 11.10) use my server as DNS-server. This >> does not seem to work. So I also installed Unbound on my desktop, and then >> it seems to work. Is this how it's supposed to work? > > > Care to be more specific about what "does not seem to work" means? > > With unbound on your server, you should be able to do: > > dig +dnssec @server <signed name> > > ...and get back a response with the "ad" flag set e.g. > > $ dig +dnssec org ns > ... > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 7 > ^^ AD flag set O. -- Ondřej Surý <[email protected]> _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
