[16:31:54 root@rhl-236 ~]# dig +dnssec mydnssec.com +multiline +sigchase
+trusted-key=/root/dnssec/Kmydnssec.com.+005+08340.key
;; RRset to chase:
mydnssec.com. 86400 IN A 10.35.62.235
;; RRSIG of the RRset to chase:
mydnssec.com. 86400 IN RRSIG A 5 2 86400 20100513221145 (
20100413221145 8340 mydnssec.com.
XdrNlVeH/Hc6sMCAOFCWerqtFRgCyNNlOcHrwnLZ+ApI
plN2t2QdpmEqhltmNyINJK2WH6xzP59bkynjOUcg8QQr
OBPRyjlZCXkTS0y8JFNGd0OIjW8KJkLmZ/cag0zFcvA+
xvNQsSM5w9hiprH364JDhSoQYASxFslLkX+MtGw= )
Launch a query to find a RRset of type DNSKEY for zone: mydnssec.com.
;; DNSKEYset that signs the RRset to chase:
mydnssec.com. 86400 IN DNSKEY 256 3 5 (
AwEAAacXnVRCUEnP7nRuCaGHWw5K7H+IedN5xWnnCUfe
f9upLZESWMPiY0b08biliRQ5Uqt6wCNINM9nBGGxxOhV
i/oT+DEkrjOhNN4o5L7Bd+PwYV0Vh+Fq383jvGdHtr8n
Q+mc69OgQjdARn6ofH6sDcOQFsvKsgtA/EQUa/mc9V2B
) ; key id = 8340
;; RRSIG of the DNSKEYset that signs the RRset to chase:
mydnssec.com. 86400 IN RRSIG DNSKEY 5 2 86400 20100513221145 (
20100413221145 8340 mydnssec.com.
WdGTjFIGfFf6jpTm04iDYIj44WgvG+XMGJyzMS7jC5k7
LYk8HtjUAjVs920sgrz9HED7JKs9tMjzIiPZEKRsa+HI
7Re2Rvvrb5PbwNwWFi/smDI57NztLvCNoOWdYEk1r6jW
S8YVLnvd5rsN9d2DY+wr8UZSemRWAURn8G3GRLA= )
Launch a query to find a RRset of type DS for zone: mydnssec.com.
;; NO ANSWERS: no more
;; WARNING There is no DS for the zone: mydnssec.com.
;; WE HAVE MATERIAL, WE NOW DO VALIDATION ;; VERIFYING A RRset for mydnssec.com.
with DNSKEY:8340: success ;; OK We found DNSKEY (or more) to validate the RRset
;; Ok, find a Trusted Key in the DNSKEY RRset: 8340 ;; VERIFYING DNSKEY RRset for
mydnssec.com. with DNSKEY:8340: success
;; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS
[16:32:06 root@rhl-236 ~]#