Questions tagged [dnssec]

DNSSEC QUESTIONS MUST BE PROGRAMMING RELATED. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS).

67 questions
2
votes
1 answer

How to generate ECDSA private and public key for DNSSEC using OpenSSL?

I am trying to create private and public keys for DNSSEC algorithm 13: #include #include #include #include #include int main() { EC_KEY *eckey = NULL; const EC_POINT…
Oleg G
  • 925
  • 4
  • 12
2
votes
0 answers

Parsing Private-Key format 1.2 with Python 3

Working with DNSSEC and PowerDNS I am trying to parse a Private Key format 1.2 with Python so I can get the corresponding Public key. Using pydnssec ( https://github.com/tomas-mazak/pydnssec ) I was able to generate the private key. The key looks…
2
votes
0 answers

How to import DNSSEC private key into BouncyCastle

I've followed the steps outlined here to generate a signed Zone file: https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2 In the generation of that file, it gave me 2 private and public key…
JBStevens6
  • 143
  • 1
  • 1
  • 5
2
votes
0 answers

How to correctly generate an RRSIG record for a DNSSEC response?

I am working on building a custom DNSSEC server that will respond to queries based on their subdomain. For example, queries of abc123.example.com would respond with 0.0.0.0 def456.example.com would respond with 1.1.1.1 I am using ARSoft Tools to…
JBStevens6
  • 143
  • 1
  • 1
  • 5
2
votes
0 answers

dane (TLSA) validation java

I need to validate the DANE certificate from random websites. I have tried https://www.bouncycastle.org/java.html (The Bouncy Castle Crypto APIs for Java) and there is an example that goes near to what I need:…
1
vote
1 answer

BIND 9 restart performance with DNSSEC

At the moment I am experimenting with the restart performance of BIND9 (version 9.16.17). With 26000 active zones in the named.conf, the restart is roundabout 10 seconds. But when I start using DNSSEC, at the moment with 500 signed zones (and 25500…
Phil
  • 11
  • 1
1
vote
2 answers

How do I hide dnssec keys from results when doing 'dig +trace microsoft.com'

Usually when I run dig commands, it hides the DNSSEC keys (the RRSIG, DS, and NSEC records). Per the man page for dig, you can use this option to enable/disable DNSSEC validation: +[no]dnssec But when combined with +trace it doesn't seem to work. I…
madacoda
  • 363
  • 4
  • 11
1
vote
1 answer

What is the difference between DNS-over-HTTPS and DNSSEC?

I was just introduced to the Domain Name System Security Extensions (DNSSEC) and it sounds very similar to the concept of DNS-over-HTTPS (DoH) and DNS-over-TLS: to add privacy and security into DNS lookups. What are the main differences between…
MakisH
  • 967
  • 1
  • 9
  • 23
1
vote
2 answers

Creating valid RSA/SHA256 Key for DNSKEY Resource Record

I am writing a DNS server in Python and am currently stuck with the DNSKEY resource record for DNSSEC. According to RFC5702 RSA/SHA256 key components are: Given a private key with the following values (in Base64): Private-key-format: v1.2 Algorithm: 8…
yurzs
  • 81
  • 7
1
vote
1 answer

To enable DNSSEC is it required to have nameservers set to the domain registrar?

In order to enable DNSSEC, is it required to have nameservers set to the domain registrar? I would like to enable DNSSEC, but my domain registrar doesn't allow me to, unless the nameservers are set to theirs. The problem is that I am using Cloudflare…
bart
  • 14,958
  • 21
  • 75
  • 105
1
vote
1 answer

dnssec-dsfromkey showing unknown algorithm error

dsfromkey command to generate ds record with following digest types DSA/SHA1, RSA/SHA-1,DSA-NSEC3-SHA1, RSA/SHA-512, GOST R 34.10-2001 etc I am using the following command dnssec-dsfromkey -a keyfile eg: dnssec-dsfromkey -a GOST keyfile But its…
nidhin
  • 359
  • 1
  • 3
  • 13
1
vote
1 answer

DNSSEC using dnspython error: AttributeError: 'NS' object has no attribute 'is_absolute'

I have a DNS server for (com) zone. I use BIND 9.10.3 in Ubuntu. I want to use DNSSEC for DNS queries to this server. I have created ZSK and KSK and I have a signed zone file named forward.com.signed. The forward.com.signed file content is the…
user9371654
  • 2,160
  • 16
  • 45
  • 78
1
vote
0 answers

managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success

I am running bind9 in a centos vps and started implementing dnssec so I have signed zonefiles for my domains but the following output shows up in the logfiles every hour named[12181]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.':…
Paul Nemeth
  • 36
  • 1
  • 4
1
vote
2 answers

How do I enable DNSSEC in my CPANEL or VPS

I have a .leg.br domain. It's a government DNS domain; in this domain it is mandatory to use DNSSEC, but they told me I need to configure DNSSEC on my server for the domain to work. Main question is: How to enable DNSSEC on a VPS hosting or via cPanel?…
Otávio Barreto
  • 1,536
  • 3
  • 16
  • 35
1
vote
1 answer

Do all DNS root servers and top-level-domain servers (TLD) support DNSSEC?

I know that DNSSEC has been widely implemented since 2010. For Authority name servers, it depends on the admin whether he wants to support DNSSEC or not. However, I would like to know whether or not all root name servers, and all TLD servers support…
weefwefwqg3
  • 961
  • 10
  • 23