Uploaded image for project: 'Product Technical Learning'
  1. Product Technical Learning
  2. PTL-6588

Unbound chain of trust - Page 133 - Should this example work: dig +dnssec DNSKEY example.com

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Won't Do
    • Icon: Minor Minor
    • None
    • RH254 - RHEL 7 1 20140711
    • RH254
    • None

      URL:
      Reporter RHNID:
      Section: -
      Language:
      Workaround:

      Description: Pages 132-133 discuss installing trust anchors for select signed zones. Page 133 uses the example: dig +dnssec DNSKEY example.com
      The output displayed on page 133 shows that there should be a line starting with "trust-anchor". I'm not sure if this example is supposed to work or not, but it didn't work for me. Here is my output:

      [student@server0 ~]$ dig +dnssec DNSKEY example.com

      ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> +dnssec DNSKEY example.com
      ;; global options: +cmd
      ;; Got answer:
      ;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 50304
      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags: do; udp: 4096
      ;; QUESTION SECTION:
      ;example.com. IN DNSKEY

      ;; AUTHORITY SECTION:
      example.com. 60 IN SOA classroom.example.com. root.classroom.example.com. 2013091600 3600 300 604800 60

      ;; Query time: 1 msec
      ;; SERVER: 172.25.254.254#53(172.25.254.254)
      ;; WHEN: Tue Jul 29 13:51:33 EDT 2014
      ;; MSG SIZE rcvd: 91

              rht-psweany Philip Sweany (Inactive)
              rht-miphilli Michael Phillips
              Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: