Hello,
I just read about dig 9.9.x and a +rrcomments extension. G. find not more then "used to queries for dnskey"
I worry about my comments are now disclosed by that option and like to know something more about it.
Could somebody switch the light on?
Thanks
Andreas
Not related to NSD at all, but just try it and you see the difference:
$ dig com dnskey
com. 18437 IN DNSKEY 256 3 8 AQP4EYpFFaPyZO6sdDcbU9TLub57XXz6zYVh3cC61DLXIUg89GE1i0gl 03bXsqVZ49p/fnEQNf63yY1JTbJ9rzCg1YiSUy72V9cybseC4l2Ct/aJ mvPwW7ULFdcNFfh9+RZvSO5CU2CCaJqD7j6Rm7igomG+TtQGQj1c0uNl h8jzuw==
$ dig com dnskey +rrcomments
com. 18433 IN DNSKEY 256 3 8 AQP4EYpFFaPyZO6sdDcbU9TLub57XXz6zYVh3cC61DLXIUg89GE1i0gl 03bXsqVZ49p/fnEQNf63yY1JTbJ9rzCg1YiSUy72V9cybseC4l2Ct/aJ mvPwW7ULFdcNFfh9+RZvSO5CU2CCaJqD7j6Rm7igomG+TtQGQj1c0uNl h8jzuw== ; ZSK; alg = RSASHA256; key id = 22625
You see, that dig adds a comment into the RR which describes the RR (especially useful for DNSEC related keys).
regards
Klaus
Most importantly; these comments are derived by dig, from the actual RR
data on the wire, *not* from whatever comments where there in de zone
file (that information is generally not stored, and certainly not
transmitted).
Jelte
Zitat von Jelte Jansen <jelte.jansen@sidn.nl>:
Most importantly; these comments are derived by dig, from the actual RR
data on the wire, *not* from whatever comments where there in de zone
file (that information is generally not stored, and certainly not
transmitted).
that's the point!
thanks