[dns-operations] DNSSEC validation using DS records as trust anchors
dot at dotat.at
Tue Jan 3 20:52:46 UTC 2017
Emil Natan <e at foowatch.com> wrote:
> I'm looking for DNSSEC validation tool/library (ideally
> which can perform validation on a DNSKEY record using trust anchor
> provided as DS record.
This probably doesn't solve enough of your problem, but you can use
BIND's dnssec-dsfromkey or ldns's key2ds programs. Convert each KSK to a
DS using either of these programs, and check that one matches the DS
from the parent zone.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations