• Print
  • Share
  • Dark

I don't get RRSIG's returned when I use "dig +dnssec" - why is this?

  • Updated on 15 Oct 2018
  • 1 minute to read
  • Contributors 

Most likely, the domain is not signed.

If it is signed, then check whether DNSSEC has been disabled on the nameserver you are querying. In BIND 9, DNSSEC is enabled by default, but can be disabled with:

dnssec-enable no;

If this has been done, the server will not return RRSIG records.

Problems with this site? Email us at marketing@isc.org