On Thu, Jan 26, 2023 at 08:33:21PM +0100, Stephane Bortzmeyer wrote:
> I'm looking for zones in the wild that are signed using the technique
> of white lies (RFC 4470).
>
> [Not the black lies used by Cloudflare.]
Three sample zones:
herokudns.com. IN SOA dns1.p05.nsone.net. hostmaster.nsone.net. 1661188672
600 900 1209600 10
herokudns.com. IN RRSIG SOA 13 2 60 20230128051202 20230126051202 44688
herokudns.com. [...]
foobarbaz.herokudns.com. IN NSEC \000.foobarbaz.herokudns.com. RRSIG NSEC
foobarbaz.herokudns.com. IN RRSIG NSEC 13 3 10 20230128051202
20230126051202 44688 herokudns.com. [...]
technohazard.io. IN SOA squid.technohazard.io. [email protected].
2022081701 900 300 86400 1800
technohazard.io. IN RRSIG SOA 13 2 3600 20230202180551 20230125150551 19807
technohazard.io. [...]
foobarbaz.technohazard.io. IN NSEC \000.foobarbaz.technohazard.io. A TYPE13
TXT AAAA TYPE29 TYPE37 TYPE44 RRSIG NSEC TLSA TYPE55 TYPE61 TYPE99
foobarbaz.technohazard.io. IN RRSIG NSEC 13 3 3600 20230204051400
20230127021400 19807 technohazard.io. [...]
cfccualerts.com. IN SOA ns1.dnsbycomodo.net. admin.dns.com. 2021101281
10800 864000 7200 7200
cfccualerts.com. IN RRSIG SOA 13 2 7200 20230129122400 20230109122400 39711
cfccualerts.com. [...]
foobarbaz.*.cfccualerts.com. IN NSEC \000.foobarbaz.*.cfccualerts.com.
RRSIG NSEC
foobarbaz.*.cfccualerts.com. IN RRSIG NSEC 13 4 3600 20230129122400
20230109122400 39711 cfccualerts.com. [...]
--
Viktor.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
