This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] DNSSEC: Signed zones list
- Previous message (by thread): [dns-wg] DNSSEC: Signed zones list
- Next message (by thread): [dns-wg] DNSSEC: Signed zones list
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jeroen Massar
jeroen at unfix.org
Mon Feb 27 13:07:36 CET 2006
On Mon, 2006-02-27 at 14:30 +0300, Max Tulyev wrote: > > Another trick to delegate the maintaining work is to use a lookaside zone. > > There are two zones out there: dlv.verisignlab.com and dnssec.iks-jena.de. > > A lookaside zone is used by your DNS server to determine a "DS" record for > > an unknown zone. Consequently the lookaside zone does not contain records > > for chained zones. > > It's like black magic :( > > localhost bind # ping dlv.verisignlab.com > ping: unknown host dlv.verisignlab.com try adding an 's'. The above is a very nice example of a domainsquatter (also something where neither dnssec or tls can't help as anyone can register any domain) $ dig -t any dlv.verisignlabs.com ;; Truncated, retrying in TCP mode. [..] dlv.verisignlabs.com. 86400 IN NS ns1.dlv.verisignlabs.com. dlv.verisignlabs.com. 3600 IN DNSKEY 256 3 5 AQOlH7LDa3Sy/rK +WyqydkS94p1hWWhEyTdZhxwuz/1zPGqh8pc8lXNj tOqcVXNSQX1XCSJPhW8XylXlq8gLlyRiVUs+TBoKrGYs7VARuLqZZDW4 Utu +VuDsTCjxjtAgxH15KfJbmnpMP3ffQvDHzyj8F2Dw6aaLHAwot3eI YWOy7w== [..] > localhost bind # ping dnssec.iks-jena.de > ping: unknown host dnssec.iks-jena.de Doesn't have an A record, but does have a large number of others. Use the 'dig'. Greets, Jeroen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part URL: </ripe/mail/archives/dns-wg/attachments/20060227/05f3b13c/attachment.sig>
- Previous message (by thread): [dns-wg] DNSSEC: Signed zones list
- Next message (by thread): [dns-wg] DNSSEC: Signed zones list
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]