[afnog] first signed root zone-nairobi data
Walubengo J
jwalu at yahoo.com
Fri Jul 16 11:59:36 UTC 2010
Alain,
below is the Nairobi data. I suppose you will educate me on how to interprate it?
walu.
; <<>> DiG 9.3.5-P1 <<>> @f.root-servers.net . soa +dnssec
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56929
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 14, ADDITIONAL: 22
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN SOA
;; ANSWER SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010071501 1800 900
604800 86400
. 86400 IN RRSIG SOA 8 0 86400 20100722000000 20100714230000 41248 .
iJEabLsGHtCq8qrfSbMIjzPpBLqXa0aD5cBsIp9Sf/NF0VJQQ4nl/v+j
6NR6/KClkAz2VviWE4hLDzMWcil5qzZJLvqduDedk3QV+mBKNy3OVPdN
IeyxK/nYtxVBJMKbynJ8pBm0vAL3TW1+0JEfD7IG0do5t84+32hQd9Mb Vn0=
;; AUTHORITY SECTION:
. 518400 IN NS h.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN RRSIG NS 8 0 518400 20100722000000 20100714230000 41248 .
ohs6B6xof3LrglEMni5/gz9NY5M8MWx0qNVpzo8SmzdqhA4gUGTzHW2O
9kz7ZqZLZq6LXUF2Qg2eYoY9rfBjajq0PSZIzkpwWGVIF2hQnbtiDUwS
RR/RliyBUsGyvom7LNug+527vQCCEu9GNWS9rSgqo2HY44+CYjqo0mpF Y58=
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 5 msec
;; SERVER: 192.5.5.241#53(192.5.5.241)
;; WHEN: Fri Jul 16 14:51:27 2010
;; MSG SIZE rcvd: 1044
============================
; <<>> DiG 9.3.5-P1 <<>> @j.root-servers.net . soa +dnssec
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27546
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 14, ADDITIONAL: 22
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN SOA
;; ANSWER SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010071501 1800 900
604800 86400
. 86400 IN RRSIG SOA 8 0 86400 20100722000000 20100714230000 41248 .
iJEabLsGHtCq8qrfSbMIjzPpBLqXa0aD5cBsIp9Sf/NF0VJQQ4nl/v+j
6NR6/KClkAz2VviWE4hLDzMWcil5qzZJLvqduDedk3QV+mBKNy3OVPdN
IeyxK/nYtxVBJMKbynJ8pBm0vAL3TW1+0JEfD7IG0do5t84+32hQd9Mb Vn0=
;; AUTHORITY SECTION:
. 518400 IN NS c.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN RRSIG NS 8 0 518400 20100722000000 20100714230000 41248 .
ohs6B6xof3LrglEMni5/gz9NY5M8MWx0qNVpzo8SmzdqhA4gUGTzHW2O
9kz7ZqZLZq6LXUF2Qg2eYoY9rfBjajq0PSZIzkpwWGVIF2hQnbtiDUwS
RR/RliyBUsGyvom7LNug+527vQCCEu9GNWS9rSgqo2HY44+CYjqo0mpF Y58=
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3600000 IN A 192.36.148.17
i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
j.root-servers.net. 3600000 IN A 192.58.128.30
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN A 193.0.14.129
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN A 199.7.83.42
l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
m.root-servers.net. 3600000 IN A 202.12.27.33
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 1051 msec
;; SERVER: 192.58.128.30#53(192.58.128.30)
;; WHEN: Fri Jul 16 14:51:50 2010
;; MSG SIZE rcvd: 1044
========
; <<>> DiG 9.3.5-P1 <<>> +norec @F.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7134
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;HOSTNAME.BIND. CH TXT
;; ANSWER SECTION:
HOSTNAME.BIND. 0 CH TXT "nbo1a.f.root-servers.org"
;; AUTHORITY SECTION:
HOSTNAME.BIND. 0 CH NS HOSTNAME.BIND.
;; Query time: 4 msec
;; SERVER: 192.5.5.241#53(192.5.5.241)
;; WHEN: Fri Jul 16 14:52:48 2010
;; MSG SIZE rcvd: 82
=====
; <<>> DiG 9.3.5-P1 <<>> +norec @J.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31427
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;HOSTNAME.BIND. CH TXT
;; ANSWER SECTION:
HOSTNAME.BIND. 0 CH TXT "jns6-ams1"
;; AUTHORITY SECTION:
HOSTNAME.BIND. 0 CH NS HOSTNAME.BIND.
;; Query time: 1034 msec
;; SERVER: 192.58.128.30#53(192.58.128.30)
;; WHEN: Fri Jul 16 14:53:03 2010
;; MSG SIZE rcvd: 67
--- On Fri, 7/16/10, ALAIN AINA <aalain at trstech.net> wrote:
From: ALAIN AINA <aalain at trstech.net>
Subject: Re: [afnog] first signed root zone
To: "Walubengo J" <jwalu at yahoo.com>
Cc: afnog at afnog.org
Date: Friday, July 16, 2010, 12:52 PM
On Jul 16, 2010, at 8:01 AM, Walubengo J wrote:
> Alain,
>
> nice to know. jst a quick qtn. Of what value (security-wise) would be a signed root server in relation to the many unsigned anycast (root) servers accross the globe?
>
> In other words, if the anycast server in Kenya is unsigned and it is handling my dns requests, then i dont get to benefit from the remote signed root server (right?)
Can you provide from Nairobi :
dig @f.root-servers.net . soa +dnssec
dig @j.root-servers.net . soa +dnssec
and
dig +norec @F.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT
dig +norec @J.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT
thanks
--alain
>
> walu.
>
> --- On Fri, 7/16/10, ALAIN AINA <aalain at trstech.net> wrote:
>
> From: ALAIN AINA <aalain at trstech.net>
> Subject: [afnog] first signed root zone
> To: afnog at afnog.org
> Date: Friday, July 16, 2010, 8:48 AM
>
> Hi,
>
> First signed root zone published. serial number is 2010071501.
>
> Congratulations for people who make this happen.
>
> Now let's see if it breaks anything and how the TLD DS records will flow in the root zone.
>
> Do you remember our comment to NTIA enquiring about signing root zone ?
>
> http://www.ntia.doc.gov/DNS/comments/comment020.pdf
>
> Cheers
>
> --alain
>
>
>
>
>
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> @f.root-servers.net . any +dnssec
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33797
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 21, AUTHORITY: 0, ADDITIONAL: 22
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;. IN ANY
>
> ;; ANSWER SECTION:
> . 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010071501 1800 900 604800 86400
> . 86400 IN RRSIG NSEC 8 0 86400 20100722000000 20100714230000 41248 . hRFnAY9bkRYKSVlnz8E1mG9QqRdoiK1UoMdPBO/mowHzJINUcFPYPXNS Mt74pesK7B0FAu4jEvzG+rXgD0D0e+t9RQXQLVYTMHIdA2qN6x+ujFV/ atbuVs+R8TAMUs1YO8fvFxWC/Be/eI63fzQXi7vy/kYOvujQF74jyjA8 Es4=
> . 86400 IN NSEC ac. NS SOA RRSIG NSEC DNSKEY
> . 86400 IN RRSIG DNSKEY 8 0 86400 20100725235959 20100711000000 19036 . I4cENgcWP+mN7eoX8KqPhvOMcGB0MMOB6ooTbEKHPR9gk6sAcJvq04tC ncwBNiMY3JxzHajsLmMermTL0sVmXj8j6Ba3eTX+t4CsdnUBFfk8zDyb lIIlYwWKZ/x2aXmOjKIKMIC9w8Wnt8awoo45MWzlAT2wGU7gcCAKxJ+O FG/ev8eUXpNxpzRIQvuC7ZGOlELJrrTQCgubyMWOjGaY0MPzrei0Uwe9 2autHPcISBKghnp80zfLmkueSO8qmkbwHn6Jg5vFQ7mG/BKJ5mDXCX5k IjfBQPPe+I2FsGnl+2r9yAmT1n7xLzktKRwKpCwE265EUhDMq7e0P7gF khgEPA==
> . 86400 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
> . 86400 IN DNSKEY 256 3 8 AwEAAb1gcDhBlH/9MlgUxS0ik2dwY/JiBIpV+EhKZV7LccxNc6Qlj467 QjHQ3Fgm2i2LE9w6LqPFDSng5qVq1OYFyTBt3DQppqDnAPriTwW5qIQN DNFv34yo63sAdBeU4G9tv7dzT5sPyAgmVh5HDCe+6XM2+Iel1+kUKCel 8Icy19hR
> . 518400 IN RRSIG NS 8 0 518400 20100722000000 20100714230000 41248 . ohs6B6xof3LrglEMni5/gz9NY5M8MWx0qNVpzo8SmzdqhA4gUGTzHW2O 9kz7ZqZLZq6LXUF2Qg2eYoY9rfBjajq0PSZIzkpwWGVIF2hQnbtiDUwS RR/RliyBUsGyvom7LNug+527vQCCEu9GNWS9rSgqo2HY44+CYjqo0mpF Y58=
> . 518400 IN NS l.root-servers.net.
> . 518400 IN NS e.root-servers.net.
> . 518400 IN NS i.root-servers.net.
> . 518400 IN NS d.root-servers.net.
> . 518400 IN NS k.root-servers.net.
> . 518400 IN NS h.root-servers.net.
> . 518400 IN NS f.root-servers.net.
> . 518400 IN NS j.root-servers.net.
> . 518400 IN NS a.root-servers.net.
> . 518400 IN NS c.root-servers.net.
> . 518400 IN NS g.root-servers.net.
> . 518400 IN NS b.root-servers.net.
> . 518400 IN NS m.root-servers.net.
> . 86400 IN RRSIG SOA 8 0 86400 20100722000000 20100714230000 41248 . iJEabLsGHtCq8qrfSbMIjzPpBLqXa0aD5cBsIp9Sf/NF0VJQQ4nl/v+j 6NR6/KClkAz2VviWE4hLDzMWcil5qzZJLvqduDedk3QV+mBKNy3OVPdN IeyxK/nYtxVBJMKbynJ8pBm0vAL3TW1+0JEfD7IG0do5t84+32hQd9Mb Vn0=
>
> ;; ADDITIONAL SECTION:
> a.root-servers.net. 3600000 IN A 198.41.0.4
> b.root-servers.net. 3600000 IN A 192.228.79.201
> c.root-servers.net. 3600000 IN A 192.33.4.12
> d.root-servers.net. 3600000 IN A 128.8.10.90
> e.root-servers.net. 3600000 IN A 192.203.230.10
> f.root-servers.net. 3600000 IN A 192.5.5.241
> g.root-servers.net. 3600000 IN A 192.112.36.4
> h.root-servers.net. 3600000 IN A 128.63.2.53
> i.root-servers.net. 3600000 IN A 192.36.148.17
> j.root-servers.net. 3600000 IN A 192.58.128.30
> k.root-servers.net. 3600000 IN A 193.0.14.129
> l.root-servers.net. 3600000 IN A 199.7.83.42
> m.root-servers.net. 3600000 IN A 202.12.27.33
> a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
> f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
> h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
> i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
> j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
> k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
> l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
> m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
>
> ;; Query time: 201 msec
> ;; SERVER: 192.5.5.241#53(192.5.5.241)
> ;; WHEN: Fri Jul 16 04:23:34 2010
> ;; MSG SIZE rcvd: 1934
>
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20100716/64c89982/attachment-0001.htm>
More information about the afnog
mailing list