DNSSEC: Difference between revisions
From dankwiki
(Created page with "==Tools== <tt>drill</tt> from the [http://packages.debian.org/sid/ldnsutils ldnsutils] package.") |
(→Tools) |
||
Line 1: | Line 1: | ||
==Tools== | ==Tools== | ||
===drill=== | |||
From the [http://packages.debian.org/sid/ldnsutils ldnsutils] package. | |||
* drill -S ''domain'' will chase any signatures found in domain. | |||
* drill -TD ''FQDN'' will perform a top-down DNSSEC trace on FQDN. | |||
* drill -s dnskey ''domain'' shows all DNSSEC (DS) records for domain. | |||
===dig=== | |||
From the [http://packages.debian.org/sid/dnsutils dnsutils] package. | |||
* The <tt>+dnssec</tt> flag will set the DNSSEC OK (DO) bit in the OPT section of the query. | |||
* The <tt>+sigchase</tt> flag will chase signature chains. | |||
** The <tt>+topdown</tt> flag can be used to force a top-down validation. | |||
* The <tt>+trusted-key=</tt> flag specifies a file containing trusted keys. Each key must be on its own line. | |||
** By default, /etc/trusted-key.key followed by ./trusted-key.key are used. |
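Review bot: in the drill list, the item for "drill -s dnskey domain" says it shows "all DNSSEC (DS) records", but the query type given is dnskey, so the description names a different record type than the command asks for. Say which records appear in the output (the DNSKEY set, DS records derived from it, or both). In the dig list, the +trusted-key= item says each key must be on its own line without saying what form a key takes; naming the expected record format there would make the item usable on its own.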
Latest revision as of 04:48, 16 December 2011
Tools
drill
From the ldnsutils package.
- drill -S domain will chase any signatures found in domain.
- drill -TD FQDN will perform a top-down DNSSEC trace on FQDN.
- drill -s dnskey domain shows all DNSSEC (DS) records for domain.
dig
From the dnsutils package.
- The +dnssec flag will set the DNSSEC OK (DO) bit in the OPT section of the query.
- The +sigchase flag will chase signature chains.
  - The +topdown flag can be used to force a top-down validation.
- The +trusted-key= flag specifies a file containing trusted keys. Each key must be on its own line.
  - By default, /etc/trusted-key.key followed by ./trusted-key.key are used.