
DNSSEC

From dankwiki
Revision as of 04:48, 16 December 2011 by Dank (talk | contribs) (→‎Tools)

Tools

drill

From the ldnsutils package.

  • drill -S domain will chase any signatures found in domain.
  • drill -TD FQDN will perform a top-down DNSSEC trace on FQDN.
  • drill -s dnskey domain shows all DNSSEC (DS) records for domain.

dig

From the dnsutils package.

  • The +dnssec flag will set the DNSSEC OK (DO) bit in the OPT section of the query.
  • The +sigchase flag will chase signature chains.
    • The +topdown flag can be used to force a top-down validation.
  • The +trusted-key= flag specifies a file containing trusted keys. Each key must be on its own line.
    • By default, /etc/trusted-key.key followed by ./trusted-key.key are used.
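
What +dnssec changes on the wire, as an added example that is not part of the original page: this Python sketch builds a query carrying an EDNS0 OPT record and checks whether a message has the DO bit set. The function names, the transaction ID, the 4096-byte UDP size and the sample name example.com are assumptions chosen for illustration; the packet is not a byte-for-byte copy of what dig sends.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name: str, qtype: int = 48, do: bool = True, txid: int = 0x1234) -> bytes:
    """Build a DNS query with an EDNS0 OPT pseudo-record (RFC 6891).

    qtype 48 is DNSKEY. The DO bit (RFC 3225) is the top bit of the 16-bit
    flags field stored in the lower half of the OPT record's TTL.
    """
    # Flags 0x0100 = RD; one question, one additional record (the OPT).
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    ttl = 0x00008000 if do else 0  # extended RCODE 0, version 0, flags
    # Root owner name, TYPE 41 (OPT), CLASS = UDP payload size, TTL, RDLEN 0.
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, ttl, 0)
    return header + question + opt

def skip_name(pkt: bytes, off: int) -> int:
    """Return the offset just past a name, honouring compression pointers."""
    while True:
        n = pkt[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def do_bit_set(pkt: bytes) -> bool:
    """Return True if the message carries an OPT record with the DO bit set."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 41:
            return bool(ttl & 0x8000)
        off += 10 + rdlen
    return False
```

do_bit_set() can also be run over a captured response to confirm that a resolver echoed the OPT record back with DO set.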