Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [dnssec]

Domain Name System Security Extension is a specification for securing certain kinds of information provided by Domain Name System

Domain Name System Security Extension is a specification for securing certain kinds of information provided by Domain Name System.

Its purpose is to allow DNS resolvers (clients) to establish origin and authenticity of DNS records. It works by digitally signing these records using public-key cryptography.

Currently it is described in IETF RFC 2535.

206 questions
0
votes
0 answers

Different DNS records on offline local network with valid DNSSEC

This is pretty much DNS spoofing on local network including DNSSEC, but I believe it should be somehow possible since I'm the legitimate owner of the domain. I'm planning to provide a service during 1-2 day events. The service will be available to…
M. Volf
  • 109
  • 2
0
votes
0 answers

My co.za domain name won't propagate

I bought a co.za domain name at Godaddy and changed the A record to point to Justhost. However the domain will not propagate. I checked https://dnschecker.org https://dnschecker.org. It's been over 72 hours and nothing. What must I do? Neither…
Justine
  • 1
0
votes
1 answer

DNSSEC - DNS/domain providers that enable DANE DNS records

Our company registered domain "example.eu" with Gandi which has a "one click solution" to enable the DNSSEC for our domain's zone. So we enabled it, waited until dnsviz inspection tool showed us that our parent zone (.eu) got the hashed public KSK…
71GA
  • 363
  • 1
  • 3
  • 10
0
votes
1 answer

DNSSEC can easily be spoofed?

I want to know the purpose of DNSSEC, what problem does it really try to solve? I think DNSSEC can easily be spoofed by inserting a non-DNSSEC DNS server into the network that serves a non-DNSSEC copy of the zone. But maybe that is not the problem…
anneb
  • 196
  • 2
  • 8
0
votes
1 answer

How do I generate an SSHFP record from a remote ssh server (like a router)?

How do I generate an SSHFP DNS records for a server like a router that does not give you direct access to their keys in a format that ssh-keygen -r machine understands? The ssh-keygen -r machine reads private keys on the local machine.
Graham Leggett
  • 217
  • 3
  • 11
0
votes
1 answer

DNS is only partially working after changing the provider

My website is ecoguardfilters.com. I bought a domain from GoDaddy and hosting is with Hostinger. I changed the nameserver to Hostinger, but it is still not fully propagated, after two weeks. What could be the problem?
Shahid
  • 3
  • 2
0
votes
1 answer

Existing RRSIG with KSK, but no DS record

When getting the key for domaindiscount24.net, I got: domaindiscount24.net. 3600 IN DNSKEY 257 3 7…
vinz
  • 89
  • 1
  • 7
-1
votes
1 answer

How to find documentation about implementing DNSSEC?

I have a question about the implementation of DNSSEC. I have a DNS Server and I want to implement DNSSEC, but I can't find documentation for this. I have a lot of confusion about this topic since there is little documentation and little precision.…
Fabio Orefice Amez
  • 35
  • 5
-1
votes
1 answer

Authenticating DNS Queries

Is there any way to use a TSIG (or other) key in combination with a DNS query to authenticate into a DNS view for use with recursion? Something like: key trusted-key { algorithm HMAC-SHA256; secret "blonggggg"; }; acl trusted { key…
Tripp Kinetics
  • 115
  • 9
-1
votes
2 answers

How do I secure a zone with dlv.isc.org's DLV service?

I'm setting up domain-lookaside validation. I think I got mostly everything correct. I followed the directions here: https://dlv.isc.org/about/using. I registered my domain and uploaded the key signing key, signed my zone with -l dlv.isc.org option,…
jason dancks
  • 117
  • 3
-1
votes
0 answers

Propagation Error , Not Resolving from Some Countries

A year ago I moved one of my domains to a different server. since then I noticed mail deliverability issues to Korea so I recently checked my NS records, MX records but I noticed some countries include Korea and China was not yet (after 1 year)…
Mourad Al Damarawy
  • 1
  • 1
1 2 3
13
14