Hi Rebecca, Well if any way means also on my laptop ;) yes i can :) take note of the "ad" in the answer section which means an authentic data for the domain ripe.net using the bind running on my laptop. Mich:~ michuki$ dig @localhost ripe.net +dnssec ; <<>> DiG 9.4.2-P2 <<>> @localhost ripe.net +dnssec ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24863 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;ripe.net. IN A ;; ANSWER SECTION: ripe.net. 600 IN A 193.0.19.25 ripe.net. 600 IN RRSIG A 5 2 600 20090710050007 20090610050007 52245 ripe.net. huL/wpj4RMKuxJqm3z1IT//vClKH3sNvbSjtmfb9Ch8UJm5KEL6CKfyH tXDCJRJgEfZbCXBiTLTsLE94XSlhq+32WPHiK8q9ghRtAKjYUaoQutrg LHkImtBnUKiLOL4vCP12SahOg6138KQmO7lT+TERgf+PCi5iQJBVAX0d vQ431LwP87kL0WMkOpg141oUbK9fKdWW ;; AUTHORITY SECTION: ripe.net. 172786 IN NS ns-pri.ripe.net. ripe.net. 172786 IN NS ns3.nic.fr. ripe.net. 172786 IN NS sunic.sunet.se. ripe.net. 172786 IN NS sns-pb.isc.org. ripe.net. 172800 IN RRSIG NS 5 2 172800 20090710050007 20090610050007 52245 ripe.net. Ky9V/O5i4Zrph9sXVdtAhwObnKRAKNC79qMiEFj6Es6/gGzEar5UGUud /akZqI2qRqdlmveGpBlvXSXPKmDxqNRRw6F+lsLdHuQibb6aSLNazYtQ ZilesDGfimfKZxHWJZOXoKZrQgd2mVJW/iKfl7RMP0GhY5dj+SNk8Ghm QfmUU2o7PL/fbgAlloAxgXo5CwtFBbkO ;; ADDITIONAL SECTION: ns-pri.ripe.net. 172786 IN A 193.0.0.195 ns-pri.ripe.net. 172786 IN AAAA 2001:610:240:0:53::3 ns-pri.ripe.net. 172800 IN RRSIG A 5 3 172800 20090710050007 20090610050007 52245 ripe.net. MfmNGIDuS63Kibten1pA61+Bu+yDbua8M5cYFMTeAILYVIbaygEPNJ+i ztkWsXdFME8ATJRzKzZ218PCFbGlp+YEgpSh4XPc1qk3gZMBijr6juoZ uFdnKfyvlnFg3TD2mlpqwyyMQVnjtVJfODrrhm05TEhOlv+Nl4ouQmK3 Xob2e7XfVTbWBEqFPEDIpGqZZgUY3Sq8 ns-pri.ripe.net. 172800 IN RRSIG AAAA 5 3 172800 20090710050007 20090610050007 52245 ripe.net. LDQFyuRnGlJia/9DkNwzNwY5cFmo7EtMURY7chdYMr+PaaMSUxQGxb0x fMWqsR/LPgv47zm5NC9am6TkzNkOsgdHBHNyBfnTYrORsthCf+6yX03i 2QgiQ2GajhlnxKcmCIp4ZNnQVPpx9mqRYIrjw4xFHjkVaT853sdVT/YM nsA+LJJeCDzddsOaQF2xbPV8IpEv9R7n ;; Query time: 887 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Jun 10 10:45:22 2009 ;; MSG SIZE rcvd: 958 Mich:~ michuki$ Also running on my laptop is a signed version of my.co.ke Mich:~ michuki$ dig @localhost my.co.ke +dnssec ; <<>> DiG 9.4.2-P2 <<>> @localhost my.co.ke +dnssec ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63766 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;my.co.ke. IN A ;; AUTHORITY SECTION: my.co.ke. 300 IN SOA mich.my.co.ke. michuki\@my.co.ke. 2003060412 300 300 86400 300 my.co.ke. 300 IN RRSIG SOA 5 3 14400 20090514210335 20090414210335 30780 my.co.ke. fa/ckwmtf129esGLY+x9tRLbc5UfUN+6ym4vrcYU43wrc090dqX4Mmm6 ig/8yAhTDb1qKcIklQ0nIJGd/LHZuetaBLvq1aQ1enfUthaPR82yTmHu HymNJTm6wyj3AdyAHVLeaC7mi5QziHnt8OhOMlb4TuyB2QFapNCeCHSz i3I= my.co.ke. 300 IN NSEC mail.my.co.ke. NS SOA MX RRSIG NSEC DNSKEY my.co.ke. 300 IN RRSIG NSEC 5 3 300 20090514210335 20090414210335 30780 my.co.ke. kQcNIHoFpxV5GGjIhmlb/PeKvUlYh1TcvZacAAwrM1d7Fd6jkQiKdsH+ Kie301HmjSVVJWbHw0tTfjX3DdpTdnUdfAQ35xR0L4cYknSTBzYvHE7j JtUM+2oxpoVoluB13kZW3dKArpRpH88SKxsFOPk2h94+GKPcnRd4EJWK ZVs= ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Jun 10 10:49:10 2009 ;; MSG SIZE rcvd: 461 Rebecca Wanjiku wrote:
Hi, Just a quick question, how many techies on this list can do DNSSEC validation on behalf of a client or do validation in any way.
------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general