Thanks Mich, I am writing at article on DNSSEC and seems from the whole list you are the only techie who can do it. You can imagine; if techies in Kenya are not even aware or are not doing it, what does it mean to awareness efforts. Yes, it has its challenges even in the west, but I expected techies to be doing it regards, Becky 2009/6/10 Michuki Mwangi <michuki@swiftkenya.com>
Hi Rebecca,
Well if any way means also on my laptop ;) yes i can :)
take note of the "ad" in the answer section which means an authentic data for the domain ripe.net using the bind running on my laptop.
Mich:~ michuki$ dig @localhost ripe.net +dnssec
; <<>> DiG 9.4.2-P2 <<>> @localhost ripe.net +dnssec ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24863 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;ripe.net. IN A
;; ANSWER SECTION: ripe.net. 600 IN A 193.0.19.25 ripe.net. 600 IN RRSIG A 5 2 600 20090710050007 20090610050007 52245 ripe.net. huL/wpj4RMKuxJqm3z1IT//vClKH3sNvbSjtmfb9Ch8UJm5KEL6CKfyH tXDCJRJgEfZbCXBiTLTsLE94XSlhq+32WPHiK8q9ghRtAKjYUaoQutrg LHkImtBnUKiLOL4vCP12SahOg6138KQmO7lT+TERgf+PCi5iQJBVAX0d vQ431LwP87kL0WMkOpg141oUbK9fKdWW
;; AUTHORITY SECTION: ripe.net. 172786 IN NS ns-pri.ripe.net. ripe.net. 172786 IN NS ns3.nic.fr. ripe.net. 172786 IN NS sunic.sunet.se. ripe.net. 172786 IN NS sns-pb.isc.org. ripe.net. 172800 IN RRSIG NS 5 2 172800 20090710050007 20090610050007 52245 ripe.net. Ky9V/O5i4Zrph9sXVdtAhwObnKRAKNC79qMiEFj6Es6/gGzEar5UGUud /akZqI2qRqdlmveGpBlvXSXPKmDxqNRRw6F+lsLdHuQibb6aSLNazYtQ ZilesDGfimfKZxHWJZOXoKZrQgd2mVJW/iKfl7RMP0GhY5dj+SNk8Ghm QfmUU2o7PL/fbgAlloAxgXo5CwtFBbkO
;; ADDITIONAL SECTION: ns-pri.ripe.net. 172786 IN A 193.0.0.195 ns-pri.ripe.net. 172786 IN AAAA 2001:610:240:0:53::3 ns-pri.ripe.net. 172800 IN RRSIG A 5 3 172800 20090710050007 20090610050007 52245 ripe.net. MfmNGIDuS63Kibten1pA61+Bu+yDbua8M5cYFMTeAILYVIbaygEPNJ+i ztkWsXdFME8ATJRzKzZ218PCFbGlp+YEgpSh4XPc1qk3gZMBijr6juoZ uFdnKfyvlnFg3TD2mlpqwyyMQVnjtVJfODrrhm05TEhOlv+Nl4ouQmK3 Xob2e7XfVTbWBEqFPEDIpGqZZgUY3Sq8 ns-pri.ripe.net. 172800 IN RRSIG AAAA 5 3 172800 20090710050007 20090610050007 52245 ripe.net. LDQFyuRnGlJia/9DkNwzNwY5cFmo7EtMURY7chdYMr+PaaMSUxQGxb0x fMWqsR/LPgv47zm5NC9am6TkzNkOsgdHBHNyBfnTYrORsthCf+6yX03i 2QgiQ2GajhlnxKcmCIp4ZNnQVPpx9mqRYIrjw4xFHjkVaT853sdVT/YM nsA+LJJeCDzddsOaQF2xbPV8IpEv9R7n
;; Query time: 887 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Jun 10 10:45:22 2009 ;; MSG SIZE rcvd: 958
Mich:~ michuki$
Also running on my laptop is a signed version of my.co.ke
Mich:~ michuki$ dig @localhost my.co.ke +dnssec
; <<>> DiG 9.4.2-P2 <<>> @localhost my.co.ke +dnssec ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63766 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;my.co.ke. IN A
;; AUTHORITY SECTION: my.co.ke. 300 IN SOA mich.my.co.ke. michuki\@ my.co.ke. 2003060412 300 300 86400 300 my.co.ke. 300 IN RRSIG SOA 5 3 14400 20090514210335 20090414210335 30780 my.co.ke. fa/ckwmtf129esGLY+x9tRLbc5UfUN+6ym4vrcYU43wrc090dqX4Mmm6 ig/8yAhTDb1qKcIklQ0nIJGd/LHZuetaBLvq1aQ1enfUthaPR82yTmHu HymNJTm6wyj3AdyAHVLeaC7mi5QziHnt8OhOMlb4TuyB2QFapNCeCHSz i3I= my.co.ke. 300 IN NSEC mail.my.co.ke. NS SOA MX RRSIG NSEC DNSKEY my.co.ke. 300 IN RRSIG NSEC 5 3 300 20090514210335 20090414210335 30780 my.co.ke. kQcNIHoFpxV5GGjIhmlb/PeKvUlYh1TcvZacAAwrM1d7Fd6jkQiKdsH+ Kie301HmjSVVJWbHw0tTfjX3DdpTdnUdfAQ35xR0L4cYknSTBzYvHE7j JtUM+2oxpoVoluB13kZW3dKArpRpH88SKxsFOPk2h94+GKPcnRd4EJWK ZVs=
;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Jun 10 10:49:10 2009 ;; MSG SIZE rcvd: 461
Rebecca Wanjiku wrote:
Hi, Just a quick question, how many techies on this list can do DNSSEC validation on behalf of a client or do validation in any way.
------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Best regards, Becky 254 720318925 beckyit.blogspot.com twitter; wanjiku