On 02/13/12 18:57, Spain, Dr. Jeffry A. wrote:
Ok, thanks a lot. I thought it was a client process. Now I can query
for the DS, DNSKEY records from isc.org.
Final question -- bind.odvr.dns-oarc.net is a cache right? Does bind
has such a caching program? Do we have a DNSSEC capable resolver in BIN
On 02/13/12 18:41, Phil Mayers wrote:
On 13/02/12 13:03, dE . wrote:
Ok, thanks a lot. I thought it was a client process. Now I can query for
the DS, DNSKEY records from isc.org.
Final question -- bind.odvr.dns-oarc.net is a cache right? Does bind has
such a caching program? Do we have a DNSSE
>> Ok, thanks a lot. I thought it was a client process. Now I can query
>> for the DS, DNSKEY records from isc.org.
>> Final question -- bind.odvr.dns-oarc.net is a cache right? Does bind
>> has such a caching program? Do we have a DNSSEC capable resolver in BIND?
> Bind *is* a caching program.
On 13/02/12 13:03, dE . wrote:
Ok, thanks a lot. I thought it was a client process. Now I can query for
the DS, DNSKEY records from isc.org.
Final question -- bind.odvr.dns-oarc.net is a cache right? Does bind has
such a caching program? Do we have a DNSSEC capable resolver in BIND?
Bind *is*
On 02/13/12 18:16, Spain, Dr. Jeffry A. wrote:
Try this one: dig @bind.odvr.dns-oarc.net. isc.org +dnssec You should
get an AD flag returned and a variety of RRSIG records. Jeff.
I hope I'm not missing any concepts here, but there should be a public key to
verify the RRSIG, where's that? Should
>> Try this one: dig @bind.odvr.dns-oarc.net. isc.org +dnssec You should
>> get an AD flag returned and a variety of RRSIG records. Jeff.
> I hope I'm not missing any concepts here, but there should be a public key to
> verify the RRSIG, where's that? Shouldn't the server return additional DNSKE
On 13/02/12 12:28, dE . wrote:
On 02/13/12 11:00, Spain, Dr. Jeffry A. wrote:
Using this DNS server, I'm still not getting the DNSKEY for any
DNSSEC capable domain; infact this server has issues -
dig +dnssec -t A dnssec.net @bind.odvr.dns-oarc.net.
I'd be really happy if I could get some domain
On 02/13/12 11:00, Spain, Dr. Jeffry A. wrote:
Using this DNS server, I'm still not getting the DNSKEY for any DNSSEC capable
domain; infact this server has issues -
dig +dnssec -t A dnssec.net @bind.odvr.dns-oarc.net.
I'd be really happy if I could get some domains which are signed.
Try this o
On 02/12/12 18:48, Mark Andrews wrote:
8.8.8.8 returns servfail for me.
Note a RFC 1035 caching server should be be able to resolve "dig ds org"
though it may not return the response from the parent zone. It depends
on the cache state when the query is made.
Google seems to be okay at lookin
> Using this DNS server, I'm still not getting the DNSKEY for any DNSSEC
> capable domain; infact this server has issues -
> dig +dnssec -t A dnssec.net @bind.odvr.dns-oarc.net.
> I'd be really happy if I could get some domains which are signed.
Try this one: dig @bind.odvr.dns-oarc.net. isc.org
On 02/13/12 10:13, Spain, Dr. Jeffry A. wrote:
But another question remains, where's the DNSKEY record which's the missing
link as of the current time.
Querying --
dig +dnssec -t DNSKEY yahoo.com @198.41.0.4
Does not return anything.
I think that yahoo.com is probably not a DNSSEC-signed zone a
In message <4f389087.50...@gmail.com>, "dE ." writes:
>
> On 02/12/12 23:13, Miek Gieben wrote:
> > [ Quoting at 23:10 on Feb 12 in "dig -- only RRSIG pr
> ..." ]
> >> I'm trying to see DNSSEC response of various sites; my DNS server is
> >> 8.8.8.8 (google's public DNS service)
> > Google's pub
> But another question remains, where's the DNSKEY record which's the missing
> link as of the current time.
> Querying --
> dig +dnssec -t DNSKEY yahoo.com @198.41.0.4
> Does not return anything.
I think that yahoo.com is probably not a DNSSEC-signed zone and so has no
DNSKEY records. Otherwise
On 02/13/12 08:29, Spain, Dr. Jeffry A. wrote:
As Tony Finch pointed out to me a few days ago, the Google public servers don't
understand that fact about DS records, and don't know to ask for them in the
parent. But here's something interesting - as of my testing just now, they *do*
respond wi
On 02/12/12 23:13, Miek Gieben wrote:
[ Quoting at 23:10 on Feb 12 in "dig -- only RRSIG pr..."
]
I'm trying to see DNSSEC response of various sites; my DNS server is
8.8.8.8 (google's public DNS service)
Google's public resolvers don't handle DNSSEC very well...
grtz Miek
> As Tony Finch pointed out to me a few days ago, the Google public servers
> don't understand that fact about DS records, and don't know to ask for them
> in the parent. But here's something interesting - as of my testing just now,
> they *do* respond with DS records
This thread has been kind
8.8.8.8 returns servfail for me.
Note a RFC 1035 caching server should be be able to resolve "dig ds org"
though it may not return the response from the parent zone. It depends
on the cache state when the query is made.
Mark
% dig ds org @8.8.8.8
; <<>> DiG 9.7.3-P3 <<>> ds org @8.8.8.8
;;
On Sun, Feb 12, 2012 at 10:22:22AM -0800, Michael Sinatra wrote:
> On 02/12/12 09:40, dE . wrote:
> >I'm trying to see DNSSEC response of various sites; my DNS server is
> >8.8.8.8 (google's public DNS service)
. . .
> >As we can see, the DNSKEY and DS RR is missing which's mandatory for
> >this t
On 02/12/12 09:40, dE . wrote:
I'm trying to see DNSSEC response of various sites; my DNS server is
8.8.8.8 (google's public DNS service)
Response is as such -
dig +dnssec -t SOA org
; <<>> DiG 9.8.1 <<>> +dnssec -t SOA org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,
[ Quoting at 23:10 on Feb 12 in "dig -- only RRSIG pr..."
]
> I'm trying to see DNSSEC response of various sites; my DNS server is
> 8.8.8.8 (google's public DNS service)
Google's public resolvers don't handle DNSSEC very well...
grtz Miek
signature.asc
Description: Digital signature
I'm trying to see DNSSEC response of various sites; my DNS server is
8.8.8.8 (google's public DNS service)
Response is as such -
dig +dnssec -t SOA org
; <<>> DiG 9.8.1 <<>> +dnssec -t SOA org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20306
;; f
21 matches
Mail list logo
