Questions tagged [dnssec]

DNSSEC QUESTIONS MUST BE PROGRAMMING RELATED. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS).

61 questions

0 votes, 0 answers

How to verify an IP address is DNSSEC-ed with dnspython?

I sent recursive DNS queries to root name servers, TLD servers, and authoritative servers for stanford.edu. Root response: TLD response: Authority response: At all 3 levels, I could see that DNSSEC is supported. How could I use dnspython and…
weefwefwqg3

0 votes, 2 answers

MxToolbox: Loop detected! We were referred back to IP

I followed the tutorial for DNSSEC found in https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2 Here is my zone file: $ORIGIN . $TTL 86400 ; 1 day example.net IN SOA …
André Moreira

0 votes, 1 answer

dnssec-keygen -n owner significance

I'm trying to set up ddns (dynamic dns) using keys generated with dnssec-keygen. I used -n USER "username", thinking this would limit use of the key to "username". However, anyone who has the key can do ddns updates, which is not what I want. I'd…

0 votes, 1 answer

DNSSEC - Do we have to store keys after we signed zones with them?

I'm now working on WMbind and I'm making a new module called 'signedzone'. And I added one more table to the wmbind database, which is a keys table. So, as the question asked above, do we have to store keys (in this case, I mean both KSK and ZSK) after…
Nui

0 votes, 1 answer

getdns API: How do I know if a RESPSTATUS_NO_NAME response is secure?

I'm using the Python getdns API. I'm using the extensions: extensions = {"dnssec_return_validation_chain" : getdns.EXTENSION_TRUE} This means that I'm told if the responses are DNSSEC secured with the dnssec_status option in the reply dictionary.…
vy32

0 votes, 1 answer

What is Canonical wire format of a DNS TSIG RR name?

As per RFC 2845 the TSIG RR key name should be in the Canonical wire format. What does canonical wire format exactly mean? I have gone through the RFC 2523 and it states that "For purposes of DNS security, the canonical form for an RR is the …
Gopi

0 votes, 1 answer

Would integration with DPDK be beneficial in terms of performance for a DNS/DHCP/DNSSEC server?

DPDK seems to provide an impressive performance boost for certain applications but I don't think servers will benefit nearly as much as things like routers/switches. I haven't seen any mention of this being done or worked on so I am just wondering…

0 votes, 1 answer

RFC 4035 dnssec zone apex term

I'm reading RFC 4035, which has to do with DNSSEC, and there's a term which is causing me trouble to get, which is the following - Zone Apex -. Perhaps I sound like a rookie, but every help on this is very welcome. Thanks!!

0 votes, 0 answers

When using https but not DNSSEC, under what situation, a client is vulnerable?

So DNSSEC is to ensure that returned IP address is not poisoned. And https is to verify the remote server. My question is that when protected by https, under what circumstances, a client is vulnerable? Say I go to https://www.facebook.com, even…
Eniaczz

0 votes, 1 answer

DNSSEC setup for Polish registrar?

Nazwa, a popular Polish registrar, requires these values to enable DNSSEC, but I have searched all over the internet and I still do not know what values to put into the Nazwa panel. Also if someone manages to know what values are needed to be…

0 votes, 2 answers

dnsjava - How to do a Lookup with DNSSEC validation?

dnsjava has DNSSEC support. I'd like to do a simple Lookup, just like the Lookup examples ( http://www.xbill.org/dnsjava/dnsjava-current/examples.html ), but have dnsjava tell me if it validates DNSSEC. (Or, raise an exception if it doesn't.) I've…
SRobertJames

0 votes, 1 answer

Is the sixth field of a DS record protocol?

Can someone tell me what the layout is of a DS record for DNSSEC? Especially the naming. If you look at this DS record: 231.72.212.in-addr.arpa. 3600 IN DS 45767 8 2 93f383a81ff2c124bdd395f51e58b88317cb8852facd93d3f6f30efdd2afa5b8 fieldsnames…

-1 votes, 1 answer

Why salt of NSEC3 record should be made public?

I'm wondering why NSEC3 record should include salt? I can't imagine why and how resolvers use salt?

-1 votes, 1 answer

DNS SERVFAIL Error for normal dig but no error with +trace

I've configured a new zone (IDN domain) at my authoritative DNS server, but it doesn't work. When I try to troubleshoot using the DIG command I receive "SERVFAIL" dig.exe @8.8.8.8 xn--mgba6g.xn--ngbsg9e a ; <<>> DiG 9.12.3 <<>> @8.8.8.8…
refra

-1 votes, 1 answer

DNSSEC Key Roll Over regarding DS record updation

Please help me to clarify my doubts. I have a doubt regarding DNSSEC Key Roll Over. Is there any specific reason to re-sign every domain within a time period? If it gets re-signed and the KSK and ZSK are regenerated, do I need to update the new DS record at the registrar…