Stack Overflow
Stack Overflow

Questions tagged [dnssec]

DNSSEC QUESTIONS MUST BE PROGRAMMING RELATED. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS).

DNSSEC QUESTIONS MUST BE PROGRAMMING RELATED. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS).

61 questions
20
votes
2 answers

Amazon Route 53 DNSSEC support

We are trying to decide which DNS hosting solution to use. Today we use Power DNS and we want to move to a hosted DNS solution. The best solution for us would be using Amazon's Route 53 for this. We are mandated to use DNSSEC for our DNS solution…
royeet
  • 749
  • 1
  • 6
  • 12
7
votes
2 answers

Validate RRSIG with PHP using openssl

I'm trying to do a RRSIG validation, I'm trying to use the openssl lib in PHP. But I'm having a problem to pass the public key to the openssl_verify function. This is a base code, using the Net/DNS2 library to do a DNS query with DNSSEC option. and…
Rabin
  • 646
  • 8
  • 18
7
votes
2 answers

Programmatically check if domains are DNSSEC protected

As the title says I want to programmatically check if a DNS response for a domain are protected with DNSSEC. How could I do this? It would be great, if there is a pythonic solution for this. UPDATE: changed request to response, sorry for the…
Thorben
  • 893
  • 13
  • 25
6
votes
1 answer

How to use DANE with Java?

How can I write a X509TrustManager in Java that used DANE (DNS-based Authentication of Named Entities)? Are there any samples or a library? Or has Java build in support for DANE?
Horcrux7
  • 21,867
  • 21
  • 85
  • 134
5
votes
1 answer

How to get validate DNSSEC with python?

I have been trying for a long time to get a DNSSEC validated on Google, but every time when I tried to get it, I got some errors. For example, when I was trying on Google.com. server didn't send me back a message or I got some problems with the…
Guaz
  • 160
  • 1
  • 1
  • 12
5
votes
1 answer

How To Enable Unbound DNSSEC DNS Resolver On Mac OS X 10.10.3 Yosemite

I'm using Mac OS X 10.10.3 Yosemite. Very recently upgraded from Snow Leopard (10.6.8) to Yosemite. Step A On my MacBook, I login into an Admin type privileged account. I installed the latest free XCode from the Apple App Store. With XCode, I also…
atErik
  • 385
  • 4
  • 20
4
votes
3 answers

How to setup DNSSEC for DNS records on AWS

Model: I have my domain registered in provider subreg.cz and he have ability of DNSSEC. I am pointing domain to AWS Route 53 with AWS nameservers. Trying setup DNSSEC on DNS records. Without any success. Why I am doing it? I have for domain ALIAS on…
Maximi
  • 487
  • 5
  • 15
3
votes
0 answers

What is the correct TLSA record for the QUIC protocol?

As QUIC is based on UDP, is the following entry correct? _443._udp.example.com. 300 IN TLSA 1 0 1 HASH...
David Sardari
  • 311
  • 1
  • 12
3
votes
1 answer

What is DNSSEC in a nutshell?

could anyone explain to me how the DNSSEC works in a nutshell? What I can already understand (but i do not know if it is completely correct) is: DNS is an old protocol created in the early Internet, therefore it has flaws (e.g. no authentication).…
Takeiji
  • 41
  • 2
2
votes
2 answers

Where I can find the DNSSEC values at Google Cloud DNS?

I am looking for the DNSSEC values (Key tag, Algorithm, Digest Type, and Digest) in Google Cloud DNS so that I can create a DS record for my domain in Google Domains.
Mikep
  • 21
  • 1
2
votes
2 answers

Is a DNS SRV record lookup secure?

I'm wondering how trustworthy the data from a SRV record lookup is? I have a program that essentially could fall apart if someone were to be able to spoof the SRV response. If not, are there any precautions that could be taken to make it…
Lane Wagner
  • 57
  • 3
2
votes
1 answer

co.uk. dns zone validation with DNSSEC

Long time listener, first time caller here. I'm writing a DNS resolver with DNSSEC validation incorporated, and have noticed something that i can't really understand, after several read-throughs of the affected RFCs. During a resolution that is a…
Johnny Credit
  • 21
  • 1
2
votes
1 answer

How to generate ECDSA private and public key for DNSSEC using OpenSSL?

I am trying to create private and public keys for DNSSEC algorithm 13: #include #include #include #include #include int main() { EC_KEY *eckey = NULL; const EC_POINT…
Oleg G
  • 925
  • 4
  • 11
2
votes
2 answers

where and how to submit DNSSEC DS record for a IDN ccTLD

I got the opportunity to configure an IDN ccTLD. I have already configured the DNS server and it is working properly. Now I have a challenge to secure the dns service by DNSSEC. I configured DNSSECC by self-signing. But Now I can't understand…
Samrat
  • 21
  • 1
2
votes
0 answers

Parsing Private-Key format 1.2 with Python 3

Working with DNSSEC and PowerDNS I am trying to parse a Private Key format 1.2 with Python so I can get the corresponding Public key. Using pydnssec ( https://github.com/tomas-mazak/pydnssec ) I was able to generate the private key. They key looks…
Wido den Hollander
  • 21
  • 3
1
2 3 4 5