Check out my first novel, midnight's simulacra!

DNSSEC

From dankwiki
Revision as of 04:48, 16 December 2011 by Dank (talk | contribs) (→‎Tools)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Tools

drill

From the ldnsutils package.

  • drill -S domain will chase any signatures found in domain.
  • drill -TD FQDN will perform a top-down DNSSEC trace on FQDN.
  • drill -s dnskey domain shows all DNSSEC (DS) records for domain.

dig

From the dnsutils package.

  • The +dnssec flag will set the DNSSEC OK (DO) bit in the OPT section of the query.
  • The +sigchase flag will chase signature chains.
    • The +topdown flag can be used to force a top-down validation.
  • The +trusted-key= flag specifies a file containing trusted keys. Each key must be on its own line.
    • By default, /etc/trusted-key.key followed by ./trusted-key.key are used.