Date: Mon, 30 Jul 2018 11:56:45 +0200
From: Matthias Apitz
To: freebsd-questions@freebsd.org
Subject: drill && DNSSEC
Message-ID: <20180730095645.GA11644@sh4-5.1blu.de>

Hello,

Our FreeBSD handbook explains in https://www.freebsd.org/doc/handbook/network-dns.html
how to set up DNSSEC for a local DNS caching server.
I use, for example:

$ drill -S FreeBSD.org @10.23.47.18
;; Chasing: freebsd.org. A
Warning: No trusted keys specified

DNSSEC Trust tree:
FreeBSD.org. (A)
|---freebsd.org. (DNSKEY keytag: 18501 alg: 8 flags: 256)
    |---freebsd.org. (DNSKEY keytag: 60160 alg: 8 flags: 257)
    |---freebsd.org. (DS keytag: 60160 digest type: 2)
        |---org. (DNSKEY keytag: 1862 alg: 7 flags: 256)
            |---org. (DNSKEY keytag: 9795 alg: 7 flags: 257)
            |---org. (DNSKEY keytag: 17883 alg: 7 flags: 257)
            |---org. (DS keytag: 9795 digest type: 2)
            |   |---. (DNSKEY keytag: 41656 alg: 8 flags: 256)
            |       |---. (DNSKEY keytag: 19036 alg: 8 flags: 257)
            |---org. (DS keytag: 9795 digest type: 1)
                |---. (DNSKEY keytag: 41656 alg: 8 flags: 256)
                    |---. (DNSKEY keytag: 19036 alg: 8 flags: 257)
You have not provided any trusted keys.
;; Chase successful

Note: The trusted keys (flag -k ....) weren't provided. How does one get valid trusted keys?

Thanks

	matthias

-- 
Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ 📱 +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub