[AusNOG] Are you DNSSEC Ready?
PRK
ausnog at digitaljunkie.net
Sun May 2 17:32:23 EST 2010
Telstra (and other large ISPs) may be using Nominum CNS, which only uses
EDNS after getting a truncated response (details at
https://www.dns-oarc.net/oarc/services/replysizetest ).
eg at first it looks like iiNet's server don't support EDNS:
> dig +short rs.dns-oarc.net txt @dns.iinet.net.au
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"203.55.230.105 DNS reply size limit is at least 490"
"203.55.230.105 lacks EDNS, defaults to 512"
"Tested at 2010-05-02 07:28:06 UTC"
>
But if you query using tcf.rs.dns-oarc.net it shows they actually do:
; <<>> DiG 9.4.2-P2.1 <<>> tcf.rs.dns-oarc.net txt @dns.iinet.net.au
;; QUESTION SECTION:
;tcf.rs.dns-oarc.net. IN TXT
;; ANSWER SECTION:
tcf.rs.dns-oarc.net. 60 IN CNAME tcf.x3831.rs.dns-oarc.net.
tcf.x3831.rs.dns-oarc.net. 59 IN CNAME
tcf.x3837.x3831.rs.dns-oarc.net.
tcf.x3837.x3831.rs.dns-oarc.net. 58 IN CNAME
tcf.x3843.x3837.x3831.rs.dns-oarc.net.
tcf.x3843.x3837.x3831.rs.dns-oarc.net. 57 IN TXT "203.55.230.105 DNS reply
size limit is at least 3843"
tcf.x3843.x3837.x3831.rs.dns-oarc.net. 57 IN TXT "Tested at 2010-05-02
07:28:39 UTC"
prk
On 2 May 2010 15:08, Jason Lingohr <jason at lucid.net.au> wrote:
> No surprise to see Telstra resolvers can't handle EDNS...
>
> rst.x476.rs.dns-oarc.net.
> rst.x485.x476.rs.dns-oarc.net.
> rst.x490.x485.x476.rs.dns-oarc.net.
> "203.50.90.32 lacks EDNS, defaults to 512"
> "203.50.90.32 DNS reply size limit is at least 490"
> "Tested at 2010-05-02 06:55:47 UTC"
>
>
>
> On 2/05/2010 2:19 PM, Karl Kloppenborg wrote:
>
> Hey Noggers!
>
> With the DNSSEC roll date set to 5th of may (oh look, that's in three
> days!)
>
> *Are you ready?*
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100502/89d81b0a/attachment.html>
More information about the AusNOG
mailing list