Contents x
I don't get RRSIG's returned when I use "dig +dnssec" - why is this?
  • 15 Oct 2018
  • 1 Minute to read
  • Contributors
  • Print
  • Dark
    Light
  • PDF
Contents

I don't get RRSIG's returned when I use "dig +dnssec" - why is this?

  • Updated on 15 Oct 2018
  • 1 Minute to read
  • Contributors
  • Print
  • Dark
    Light
  • PDF
Article Summary

Most likely, the domain is not signed.

If it is signed, then check whether DNSSEC has been disabled on the nameserver you are querying. In BIND 9, DNSSEC is enabled by default, but can be disabled with:

dnssec-enable no;

If this has been done, the server will not return RRSIG records.

What's Next

Cookie consent

We use our own and third-party cookies to understand how you interact with our Knowledgebase. This helps us show you more relevant content and ads based on your browsing and navigation history.