[dnssec-deployment] Signed Root @ IANA

Crocker Steve steve at shinkuro.com
Wed Aug 1 12:46:25 EDT 2007


Richard,

Re gathering TLD keys, please take a look at the CADR software.  Bill  
Manning can point you to it.  A small consortium of us sponsored its  
development.  If it's helpful to you, feel free to use it.

Thanks,

Steve

On Aug 1, 2007, at 12:33 PM, richard.lamb wrote:

> Bill, Lutz-
>
> I am glad there is interest! The setup is still in demo mode so it is NOT
> ready for prime time.
>
> However, I find this feedback very helpful and would like more.
>
> Some TLD DS records are drawn from a secspider scraping and tld DNSKEY
> "dig"ing script.  PR does not appear to have KSK DNSKEYs so it didn't get
> picked up (why doesn't it have KSK flags? Should I compute DS records using
> the ZSK keys?).  I need to look into UM.
>
> .int, ip6.arpa....I am working on it....
>
> Rick Lamb
>
>
> -----Original Message-----
> From: DNSSEC deployment [mailto:dnssec-deployment at shinkuro.com] On Behalf Of bmanning at vacation.karoshi.com
> Sent: Wednesday, August 01, 2007 8:49 AM
> To: DNSSEC deployment
> Cc: Lutz Donnerhacke
> Subject: Re: [dnssec-deployment] Signed Root @ IANA
>
> On Wed, Aug 01, 2007 at 03:41:32PM +0000, Lutz Donnerhacke wrote:
>> Does anybody know why the signed IANA zones do not contain DS records?
>
> 	you might ask Richard Lamb.
>
>>
>> OTOH the root zone contains the DS records for BG, BR, and SE.
>> But PR and UM are missing.
>>
>> Is there any running NS providing the zones?
>
> well...
>
> 	as you have noted, UM is signed:
>
> ;; QUESTION SECTION:
> ;um.                            IN      DNSKEY
>
> ;; ANSWER SECTION:
> um.                     86400   IN      DNSKEY  257 3 5
> um.                     86400   IN      DNSKEY  256 3 5
>
> 	but Richard has not asked for the DS for this zone, nor have I
> 	found any way to transmit the data to him.  So it's not clear why
> 	he should have a DS rr for UM.
>
> --bill
>
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list <dnssec-deployment at shinkuro.com>.
> To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> A public archive is available here:
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment/>
> and older material is at
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>
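
Added example (not part of the original thread, and not Rick's script or the CADR software): the KSK-flag question in the quoted message comes down to how a DS record is derived from a DNSKEY. The Python below computes the RFC 4034 key tag and DS digest, and shows how a gathering script that keeps only keys with the SEP bit (flags 257) yields no DS for a zone that publishes only flags-256 keys; the sample records and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

ZONE_KEY = 0x0100  # flags bit 7: key is a DNSSEC zone key (RFC 4034, 2.1.1)
SEP = 0x0001       # flags bit 15: secure entry point hint, set on KSKs

# Constructed sample in dig presentation form; key material is a 4-byte dummy.
SAMPLE = """\
;; ANSWER SECTION:
um. 86400 IN DNSKEY 257 3 5 AQIDBA==
um. 86400 IN DNSKEY 256 3 5 AQID BA==
pr. 86400 IN DNSKEY 256 3 5 AQIDBA==
"""

def parse_dnskey(line):
    """Return (owner, flags, rdata_wire) for one DNSKEY presentation line."""
    f = line.split()
    i = f.index("DNSKEY")
    flags, proto, alg = (int(x) for x in f[i + 1:i + 4])
    key = base64.b64decode("".join(f[i + 4:]))  # base64 may contain spaces
    return f[0].lower(), flags, struct.pack("!HBB", flags, proto, alg) + key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def wire_name(owner):
    """Canonical lowercase wire form of an absolute owner name."""
    labels = [l for l in owner.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_records(text, sep_only=True, digest_type=2):
    """Return (owner, key_tag, alg, digest_type, hex_digest) tuples.
    sep_only=True mimics a gathering script that only picks up KSK-flagged keys."""
    hasher = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    out = []
    for line in text.splitlines():
        if line.startswith(";") or "DNSKEY" not in line.split():
            continue
        owner, flags, rdata = parse_dnskey(line)
        if not flags & ZONE_KEY or (sep_only and not flags & SEP):
            continue
        digest = hasher(wire_name(owner) + rdata).hexdigest().upper()
        out.append((owner, key_tag(rdata), rdata[3], digest_type, digest))
    return out

def zones_without_ds(text):
    """Owners that publish zone keys but get no DS under the SEP-only policy."""
    have = {r[0] for r in ds_records(text)}
    return sorted({r[0] for r in ds_records(text, sep_only=False)} - have)
```

RFC 4034 requires only the Zone Key bit on a key referenced by a DS record; the SEP bit is an operator hint, which is why `sep_only=False` is offered as a switch.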



