On 16 jul 2010, at 19:56, Ronald van der Pol wrote: >> http://fanf.livejournal.com/107310.html > Thanks! That was very useful. I finally got it working. Yes, me too. > I would also like to check the output for a zone that is verifyable not > correct. Any examples of signed RRs with an incorrect signature? I skipped this step: In the options section of named.conf you should have the directive dnssec-lookaside auto; This enables DNSSEC lookaside validation, which is necessary to bridge gaps (such as ac.uk) in the chain of trust between the root and lower-level signed zones with the result that www.ietf.org, www.iab.org, www.isc.org, all fail to validate. Not sure what the deal is there. Only www.nic.cat works. BTW, this is great: https://addons.mozilla.org/en-US/firefox/addon/64247/ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf