[afnog] first signed root zone
Walubengo J
jwalu at yahoo.com
Fri Jul 16 08:01:04 UTC 2010
Alain,
nice to know. jst a quick qtn. Of what value (security-wise) would be a signed root server in relation to the many unsigned anycast (root) servers accross the globe?
In other words, if the anycast server in Kenya is unsigned and it is handling my dns requests, then i dont get to benefit from the remote signed root server (right?)
walu.
--- On Fri, 7/16/10, ALAIN AINA <aalain at trstech.net> wrote:
From: ALAIN AINA <aalain at trstech.net>
Subject: [afnog] first signed root zone
To: afnog at afnog.org
Date: Friday, July 16, 2010, 8:48 AM
Hi,
First signed root zone published. serial number is 2010071501.
Congratulations for people who make this happen.
Now let's see if it breaks anything and how the TLD DS records will flow in the root zone.
Do you remember our comment to NTIA enquiring about signing root zone ?
http://www.ntia.doc.gov/DNS/comments/comment020.pdf
Cheers
--alain
; <<>> DiG 9.6.0-APPLE-P2 <<>> @f.root-servers.net . any +dnssec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33797
;; flags: qr aa rd; QUERY: 1, ANSWER: 21, AUTHORITY: 0, ADDITIONAL: 22
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN ANY
;; ANSWER SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010071501 1800 900 604800 86400
. 86400 IN RRSIG NSEC 8 0 86400 20100722000000 20100714230000 41248 . hRFnAY9bkRYKSVlnz8E1mG9QqRdoiK1UoMdPBO/mowHzJINUcFPYPXNS Mt74pesK7B0FAu4jEvzG+rXgD0D0e+t9RQXQLVYTMHIdA2qN6x+ujFV/ atbuVs+R8TAMUs1YO8fvFxWC/Be/eI63fzQXi7vy/kYOvujQF74jyjA8 Es4=
. 86400 IN NSEC ac. NS SOA RRSIG NSEC DNSKEY
. 86400 IN RRSIG DNSKEY 8 0 86400 20100725235959 20100711000000 19036 . I4cENgcWP+mN7eoX8KqPhvOMcGB0MMOB6ooTbEKHPR9gk6sAcJvq04tC ncwBNiMY3JxzHajsLmMermTL0sVmXj8j6Ba3eTX+t4CsdnUBFfk8zDyb lIIlYwWKZ/x2aXmOjKIKMIC9w8Wnt8awoo45MWzlAT2wGU7gcCAKxJ+O FG/ev8eUXpNxpzRIQvuC7ZGOlELJrrTQCgubyMWOjGaY0MPzrei0Uwe9 2autHPcISBKghnp80zfLmkueSO8qmkbwHn6Jg5vFQ7mG/BKJ5mDXCX5k IjfBQPPe+I2FsGnl+2r9yAmT1n7xLzktKRwKpCwE265EUhDMq7e0P7gF khgEPA==
. 86400 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
. 86400 IN DNSKEY 256 3 8 AwEAAb1gcDhBlH/9MlgUxS0ik2dwY/JiBIpV+EhKZV7LccxNc6Qlj467 QjHQ3Fgm2i2LE9w6LqPFDSng5qVq1OYFyTBt3DQppqDnAPriTwW5qIQN DNFv34yo63sAdBeU4G9tv7dzT5sPyAgmVh5HDCe+6XM2+Iel1+kUKCel 8Icy19hR
. 518400 IN RRSIG NS 8 0 518400 20100722000000 20100714230000 41248 . ohs6B6xof3LrglEMni5/gz9NY5M8MWx0qNVpzo8SmzdqhA4gUGTzHW2O 9kz7ZqZLZq6LXUF2Qg2eYoY9rfBjajq0PSZIzkpwWGVIF2hQnbtiDUwS RR/RliyBUsGyvom7LNug+527vQCCEu9GNWS9rSgqo2HY44+CYjqo0mpF Y58=
. 518400 IN NS l.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 86400 IN RRSIG SOA 8 0 86400 20100722000000 20100714230000 41248 . iJEabLsGHtCq8qrfSbMIjzPpBLqXa0aD5cBsIp9Sf/NF0VJQQ4nl/v+j 6NR6/KClkAz2VviWE4hLDzMWcil5qzZJLvqduDedk3QV+mBKNy3OVPdN IeyxK/nYtxVBJMKbynJ8pBm0vAL3TW1+0JEfD7IG0do5t84+32hQd9Mb Vn0=
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 201 msec
;; SERVER: 192.5.5.241#53(192.5.5.241)
;; WHEN: Fri Jul 16 04:23:34 2010
;; MSG SIZE rcvd: 1934
_______________________________________________
afnog mailing list
http://afnog.org/mailman/listinfo/afnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20100716/4090ac9b/attachment.htm>
More information about the afnog
mailing list