Questions tagged [dnssec]

DNSSEC QUESTIONS MUST BE PROGRAMMING RELATED. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS).

67 questions
0 votes, 0 answers

How to run a standalone DNSSEC root zone?

I got this white lab. It has its own top-level domain (TLD) name whitelab. and ISC Bind9 9.15 is used. This makes it possible to roll out many network testing scenarios in-house. How does one DNSSEC-sign this custom-made TLD such that it not only…
John Greene
0 votes, 1 answer

Does Firebase Hosting provide support for DNSSEC?

Is there any support for DNSSEC for apps hosted on Firebase? According to these 2 reports not: https://viewdns.info/dnssec/?domain=firebaseapp.com https://viewdns.info/dnssec/?domain=web.app
0 votes, 0 answers

Why don't Google and CloudFlare DNS-over-HTTPS support returning the DS RRSIG for DNSSEC?

Every other field required to perform DNSSEC validation is returned by these APIs, and the API protocol formats from Google and CloudFlare are exactly the same, yet both of them specifically omit the DS RRSIG field. Why is this the case? I figure…
Paul Shapiro
0 votes, 0 answers

How to return SERVFAIL and REFUSED codes using CAA Lookup?

I'm developing the validation of the CAA (Certification Authority Authorization) records for the SSL certificates issuance, according to RFC 6884. I would like to know how to check the FQDNs 15, 16, 18 and 19, which are present in the CAA Test Suite…
0 votes, 1 answer

Building the RDATA part of DNSKEY RR

I am in the process of finishing a Domain Registrar plugin for a billing system (which also manages domain provisioning in this case), and the last bit is related to implementing DNSSEC support. The Billing system is sending the following SAMPLE…
Carmageddon
0 votes, 1 answer

Why doesn't the ECDSA public key generated by OpenSSL match the DNSKEY generated by the DNS server?

I am trying to get the public key from a known private key for DNSSEC algorithm 13 (ECDSAP256SHA256). I used this example: https://stackoverflow.com/a/17062076/3090865 Which modified for my key looks like this: // using figures on:…
Oleg G
0 votes, 0 answers

How to verify an IP address is DNSSEC-ed with dnspython?

I sent recursive DNS queries to root name servers, TLD servers, and authoritative servers for stanford.edu. Root response: TLD response: Authority response: At all 3 levels, I could see that DNSSEC is supported. How could I use dnspython and…
weefwefwqg3
0 votes, 2 answers

MxToolbox: Loop detected! We were referred back to IP

I followed the tutorial for DNSSEC found in https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2 Here is my zone file: $ORIGIN . $TTL 86400 ; 1 day example.net IN SOA …
André Moreira
0 votes, 1 answer

dnssec-keygen -n owner significance

I'm trying to set up ddns (dynamic dns) using keys generated with dnssec-keygen. I used -n USER "username", thinking this would limit use of the key to "username". However, anyone who has the key can do ddns updates, which is not what I want. I'd…
0 votes, 1 answer

DNSSEC - Do we have to store keys after we signed zones with them?

I'm now working on WMbind and I'm making a new module called 'signedzone'. And, I added one more table to wmbind database which is a keys table. So, as the questions asked above, do we have to store keys (in this case, I mean both KSK and ZSK) after…
Nui
0 votes, 1 answer

getdns API: How do I know if a RESPSTATUS_NO_NAME response is secure?

I'm using the Python getdns API. I'm using the extensions: extensions = {"dnssec_return_validation_chain" : getdns.EXTENSION_TRUE} This means that I'm told if the responses are DNSSEC secured with the dnssec_status option in the reply dictionary.…
vy32
0 votes, 1 answer

What is Canonical wire format of a DNS TSIG RR name?

As per RFC 2845 the TSIG RR key name should be in the Canonical wire format. What does canonical wire format exactly mean? I have gone through the RFC 2523 and it states that "For purposes of DNS security, the canonical form for an RR is the …
Gopi
0 votes, 1 answer

Would integration with DPDK be beneficial in terms of performance for a DNS/DHCP/DNSSEC server?

DPDK seems to provide an impressive performance boost for certain applications but I don't think servers will benefit nearly as much as things like routers/switches. I haven't seen any mention of this being done or worked on so I am just wondering…
0 votes, 0 answers

When using HTTPS but not DNSSEC, in what situations is a client vulnerable?

So DNSSEC is to ensure that returned IP address is not poisoned. And https is to verify the remote server. My question is that when protected by https, under what circumstances, a client is vulnerable? Say I go to https://www.facebook.com, even…
Eniaczz
0 votes, 1 answer

DNSSEC setup for Polish registrar?

Nazwa, a popular Polish registrar, requires these values to enable DNSSEC but I have searched all over the internet and I still do not know what values to put into the Nazwa panel. Also if someone manages to know what values are needed to be…