[AusNOG] Are you DNSSEC Ready?

Saunders, D'Wayne S DWayne.Saunders at team.telstra.com
Mon May 3 09:42:38 EST 2010 

From the article
 

Nominum CNS


Nominum's CNS resolver is designed to utilize EDNS only after first receiving a truncated response. To use this test with a CNS resolver, issue the following query:

	$ dig tcf.rs.dns-oarc.net txt

The special name "tcf" instructs the server to set the TC bit in responses if the query doesn't have an EDNS pseudo-record. This should cause CNS to re-query with EDNS.

 
 
$ dig tcf.rs.dns-oarc.net txt @resolver1.telstra.net
 
; <<>> DiG 9.4.2-P2 <<>> tcf.rs.dns-oarc.net txt @resolver1.telstra.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62540
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;tcf.rs.dns-oarc.net.           IN      TXT
 
;; ANSWER SECTION:
tcf.rs.dns-oarc.net.    60      IN      CNAME   tcf.x3831.rs.dns-oarc.net.
tcf.x3831.rs.dns-oarc.net. 59   IN      CNAME   tcf.x3837.x3831.rs.dns-oarc.net.
tcf.x3837.x3831.rs.dns-oarc.net. 58 IN  CNAME   tcf.x3843.x3837.x3831.rs.dns-oarc.net.
tcf.x3843.x3837.x3831.rs.dns-oarc.net. 57 IN TXT "203.50.40.33 DNS reply size limit is at least 3843"
tcf.x3843.x3837.x3831.rs.dns-oarc.net. 57 IN TXT "Tested at 2010-05-02 23:42:04 UTC"


________________________________

From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Jason Lingohr
Sent: Sunday, 2 May 2010 5:09 PM
To: ausnog at ausnog.net
Subject: Re: [AusNOG] Are you DNSSEC Ready?


No surprise to see Telstra resolvers can't handle EDNS...

rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"203.50.90.32 lacks EDNS, defaults to 512"
"203.50.90.32 DNS reply size limit is at least 490"
"Tested at 2010-05-02 06:55:47 UTC"


On 2/05/2010 2:19 PM, Karl Kloppenborg wrote: 

	Hey Noggers!  

	With the DNSSEC roll date set to 5th of may (oh look, that's in three days!) 

	Are you ready?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100503/bdd3e690/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 474 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100503/bdd3e690/attachment.sig>

More information about the AusNOG mailing list