Jump to navigation Jump to search
From the ldnsutils package.
- drill -S domain will chase any signatures found in domain.
- drill -TD FQDN will perform a top-down DNSSEC trace on FQDN.
- drill -s dnskey domain shows all DNSSEC (DS) records for domain.
From the dnsutils package.
- The +dnssec flag will set the DNSSEC OK (DO) bit in the OPT section of the query.
- The +sigchase flag will chase signature chains.
- The +topdown flag can be used to force a top-down validation.
- The +trusted-key= flag specifies a file containing trusted keys. Each key must be on its own line.
- By default, /etc/trusted-key.key followed by ./trusted-key.key are used.