On 16 jul 2010, at 19:56, Ronald van der Pol wrote:
http://fanf.livejournal.com/107310.html
Thanks! That was very useful. I finally got it working.
Yes, me too.
I would also like to check the output for a zone that is verifyable not
correct. Any examples of signed RRs with an incorrect signature?
I skipped this step:
In the options section of named.conf you should have the directive
dnssec-lookaside auto;
This enables DNSSEC lookaside validation, which is necessary to bridge gaps
(such as ac.uk) in the chain of trust between the root and lower-level signed
zones
with the result that www.ietf.org, www.iab.org, www.isc.org, all fail to
validate. Not sure what the deal is there. Only www.nic.cat works. BTW, this is
great:
https://addons.mozilla.org/en-US/firefox/addon/64247/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf