Date:      Mon, 19 Apr 2010 16:52:26 +0100
From:      krad <kraduk@googlemail.com>
To:        "John R. Levine" <johnl@iecc.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: DJB and root ns server dnssec signing
Message-ID:  <i2pd36406631004190852q7e1204d1z8b10ab7cd5bb7274@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.00.1004191105450.48244@joyce.lan>
References:  <n2rd36406631004190412k9fea6e71i2b61d411fd7948@mail.gmail.com> <20100419145615.48204.qmail@joyce.lan> <m2yd36406631004190759g4f1da008gc13d0c250ffde539@mail.gmail.com> <alpine.BSF.2.00.1004191105450.48244@joyce.lan>

On 19 April 2010 16:06, John R. Levine <johnl@iecc.com> wrote:

>> I think what I really need to do is find a root ns that is already serving
>> signed records then limit djb to that, and then I can do some testing. My
>> gut feeling is that it will be ok, but it's nowhere near 90% let alone
>> 100%, which is why I'm nervous. PR nightmare if it does go wrong
>>
>
> The roots all return the same thing, but you might try some experiments
> using requests to the tiny .MUSEUM domain which has been signed for a while.
>
> R's,
> John
>

ok this is the bit that worries me

Bind server on public ip (not firewalled)

#  /usr/local/bind-9.7.0-P1/bin/dig @127.0.0.1  museum

; <<>> DiG 9.7.0-P1 <<>> @127.0.0.1 museum
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33867
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;museum.                IN    A

;; AUTHORITY SECTION:
museum.            3485    IN    SOA    nic.museum. hostmaster.nic.museum. 2010041637 28800 7200 1209600 3600

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 19 16:51:17 2010
;; MSG SIZE  rcvd: 75


querying the djb public server


#  /usr/local/bind-9.7.0-P1/bin/dig @djbcache  museum

; <<>> DiG 9.7.0-P1 <<>> @mk-cache-7.ns.uk.tiscali.com museum
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10827
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;museum.                IN    A

;; Query time: 1 msec
;; SERVER: 212.139.132.43#53(212.139.132.43)
;; WHEN: Mon Apr 19 16:52:01 2010
;; MSG SIZE  rcvd: 24


