DJB and root ns server dnssec signing
krad
kraduk at googlemail.com
Mon Apr 19 15:52:30 UTC 2010
On 19 April 2010 16:06, John R. Levine <johnl at iecc.com> wrote:
>> I think what I really need to do is find a root ns that is already serving
>> signed records then limit djb to that, and then I can do some testing. My
>> gut feeling is that it will be ok, but it's nowhere near 90% let alone 100%
>> which is why I'm nervous. PR nightmare if it does go wrong
>>
>
> The roots all return the same thing, but you might try some experiments
> using requests to the tiny .MUSEUM domain which has been signed for a while.
>
> R's,
> John
>
ok this is the bit that worries me
Bind server on public ip (not firewalled)
# /usr/local/bind-9.7.0-P1/bin/dig @127.0.0.1 museum
; <<>> DiG 9.7.0-P1 <<>> @127.0.0.1 museum
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33867
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;museum. IN A
;; AUTHORITY SECTION:
museum. 3485 IN SOA nic.museum. hostmaster.nic.museum. 2010041637 28800 7200 1209600 3600
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 19 16:51:17 2010
;; MSG SIZE rcvd: 75
querying the djb public server
# /usr/local/bind-9.7.0-P1/bin/dig @djbcache museum
; <<>> DiG 9.7.0-P1 <<>> @mk-cache-7.ns.uk.tiscali.com museum
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10827
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;museum. IN A
;; Query time: 1 msec
;; SERVER: 212.139.132.43#53(212.139.132.43)
;; WHEN: Mon Apr 19 16:52:01 2010
;; MSG SIZE rcvd: 24
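
Added example, not part of the original post: the two replies above rebuilt as wire-format bytes from the values dig printed, then parsed to show what separates them. The byte layout (name compression in the SOA record) and the names reply, soa_rr and classify are assumptions of this sketch; the rebuilt messages come out at the same 75 and 24 bytes that dig reported.

```python
import struct

QR_RD_RA = 0x8180  # header flags "qr rd ra" with rcode NOERROR, as in both outputs

def question(qname, qtype=1):
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return labels + b"\x00" + struct.pack("!2H", qtype, 1)

def reply(msg_id, nscount=0, authority=b""):
    """Constructed reply to 'museum. IN A': header + question + raw authority."""
    header = struct.pack("!6H", msg_id, QR_RD_RA, 1, 0, nscount, 0)
    return header + question("museum") + authority

def soa_rr():
    """Constructed SOA record from the BIND output (compression is assumed)."""
    rdata = (b"\x03nic\xc0\x0c" + b"\x0ahostmaster\xc0\x24" +
             struct.pack("!5I", 2010041637, 28800, 7200, 1209600, 3600))
    return b"\xc0\x0c" + struct.pack("!2HIH", 6, 1, 3485, len(rdata)) + rdata

def skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Return (size, truncated, verdict) for a raw DNS reply."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off, has_soa = 12, False
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # name, then qtype and qclass
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10 + rdlen
        has_soa |= (i >= an and rtype == 6)   # SOA in the authority section
    if flags & 0x000F:
        verdict = "error rcode %d" % (flags & 0x000F)
    elif an:
        verdict = "answer"
    else:
        verdict = "NODATA with SOA" if has_soa else "NODATA without SOA"
    return len(msg), bool(flags & 0x0200), verdict

BIND_REPLY = reply(33867, 1, soa_rr())   # constructed from the first dig output
DJB_REPLY = reply(10827)                 # constructed from the second dig output

if __name__ == "__main__":
    print("bind:     ", classify(BIND_REPLY))
    print("djb cache:", classify(DJB_REPLY))
```

The 24-byte reply is only the header and the echoed question, so a client of that cache gets no SOA from which to take a negative-caching TTL; neither reply has the TC (truncated) bit set.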