Questions tagged [dnssec]

DNSSEC QUESTIONS MUST BE PROGRAMMING RELATED. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS).

67 questions
1 vote, 1 answer

How do I verify a root DNS trust anchor?

I am trying to verify the root Key Signing Key (KSK) against the trust anchor (Kjqmt7v.crt) downloaded from here. I am getting the root KSK using the Net::DNS module. I am very confused at present on how to verify that both are the same. I tried to convert…
shivams • 2,597 • 6 • 25 • 47
1 vote, 1 answer

RFC 4035 dnssec zone apex term

I'm reading RFC 4035, which has to do with DNSSEC, and there's a term which is causing me trouble to get, which is the following: Zone Apex. Perhaps I sound like a rookie, but every help on this is very welcome. Thanks!!
Roberto Olivas • 63 • 1 • 1 • 3
1 vote, 0 answers

python error in subprocess command

I am trying to execute a subprocess, something done in my script a couple of times. But on the last one, it outputs an error I cannot find the solution to. The exact same command using the same files produced at the command line works just…
mine • 235 • 2 • 10
1 vote, 1 answer

Why don't my SSHFP records match?

I have a DNSSEC zone and want to publish SSH keys in it, using SSHFP. So, on the host which holds the keys, I run: ssh-keygen -r localhost which gives me the results: localhost IN SSHFP 1 1 223458a4e3f4cae23a2365a127a9fc5dbfc4df0b localhost IN…
22decembre • 549 • 4 • 8 • 17
1 vote, 1 answer

How to create Delegation Signer (DS) record for a subdomain with PowerDNS?

I have a domain mydomain.com. The DNS servers for this domain are under my control and I'm running PowerDNS there. I've set up DNSSEC for my main domain mydomain.com and I've registered the keys at registrar. Everything works fine for the main…
Sven • 856 • 10 • 10
1 vote, 1 answer

dnssec-keygen outputfile with DSA private key

I've been trying to crack this for several days now and I don't seem to get it working. Basically I got a .private file which is the result of the following command: dnssec-keygen -C -a DSA -b 1024 -n HOST -T KEY Hostmame The file is in a certain…
Yoeri Smets • 142 • 1 • 9
0 votes, 0 answers

DIG DS KO on server but OK on local

I’m trying to retrieve the domain DS entry for DNSSEC. I put this code in my file: n = dns.name.from_text(domain_name) answers = dns.resolver.resolve(n, rdtype=dns.rdatatype.DS) return [rdata.to_text() for rdata in answers] Locally it works, but…
0 votes, 1 answer

How to replace all lines between two comments and substitute it with some text in sed

I have a problem that is very similar to those SO threads: Linux: How to replace all text between two lines and substitute it with the output of a variable using sed? how to replace all lines between two points and subtitute it with some text in…
Wisdom • 121 • 1 • 1 • 13
0 votes, 0 answers

How can I make a child zone on Oracle Cloud with DNSSEC, which it apparently doesn't support?

A few years ago, I moved my domains to a registrar that supports DNSSEC for .co.uk domains when I realised that Google Cloud Platform supported DNSSEC and SSHFP records. That worked fine on GCP. Now I am doing a lot of work with Oracle Cloud.…
paradroid • 219 • 3 • 12
0 votes, 1 answer

bind9 with 'dnssec-policy default;' does not update zonerecords when signing

I'm running bind9 on ubuntu 20.04, package version is 1:9.16.1-0ubuntu2.11. I've configured it to do fully automatic DNSSEC signing, using the dnssec-policy default; statement in zone configuration. I have a few zones setup, but they don't seem to…
whyscream • 669 • 6 • 11
0 votes, 0 answers

problem with script verifying RRSIGs using DNSPython

I'm writing a script to verify rrsigs using dnspython but something is wrong with my code. The following is a snippet and its accompanying error message: domain = 'iana.org' server = '8.8.8.8' qname = dns.name.from_text(domain) # get…
Mnemosyne • 1,162 • 4 • 13 • 45
0 votes, 1 answer

Verifying NSEC3 records

I'm fiddling with DNSSEC, and I'd like to try to verify NSEC3 records generated by dnssec-signzone from bind9-utils (which I presume are valid). This is my zone file: $ORIGIN dnssectest.mvolfik.tk. $TTL 120 @ SOA dnssectestns.mvolfik.tk.…
M. Volf • 1,259 • 11 • 29
0 votes, 0 answers

Does DNSSEC allow a TLS shortcut?

My understanding of the TLS 1.3 protocol is that the client authenticates the server by checking the public key in the certificate sent by the server. Before a client connects, the operating system typically has to do a DNS lookup of the server’s…
0 votes, 1 answer

How to find registrador of DS record

I bought a domain name magicescape.es a year ago. The issue is that this domain name has a DS record, but I didn't add it and can't delete or change. For .es domains, DNSSEC does not support. I spent a lot of time with the support of Godaddy and the…
Dzam • 211 • 2 • 8
0 votes, 0 answers

DNSSEC: After signing child zone do I need to work my way up the chain and sign every parent zone?

So working through literature and tutorials, DNSSEC is fairly straightforward. I sign a zone and hand the DS records to the parent zone, which in basic tutorials is your registrar, thus completing the chain. I want to take this a bit further and…
loudcrowd • 45 • 6