URL:
Reporter RHNID:
Section: -
Language:
Workaround:

Description: Pages 132-133 discuss installing trust anchors for select signed zones. Page 133 uses the example: dig +dnssec DNSKEY example.com
The output displayed on page 133 shows that there should be a line starting with "trust-anchor". I'm not sure if this example is supposed to work or not, but it didn't work for me. Here is my output:

[student@server0 ~]$ dig +dnssec DNSKEY example.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> +dnssec DNSKEY example.com
;; global options: +cmd
;; Got answer:
;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 50304
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;example.com. IN DNSKEY

;; AUTHORITY SECTION:
example.com. 60 IN SOA classroom.example.com. root.classroom.example.com. 2013091600 3600 300 604800 60

;; Query time: 1 msec
;; SERVER: 172.25.254.254#53(172.25.254.254)
;; WHEN: Tue Jul 29 13:51:33 EDT 2014
;; MSG SIZE rcvd: 91