Thanks Mich,

I am writing at article on DNSSEC and seems from the whole list you are the only techie who can do it.
You can imagine; if techies in Kenya are not even aware or are not doing it, what does it mean to awareness efforts.
Yes, it has its challenges even in the west, but I expected techies to be doing it

regards,
Becky

2009/6/10 Michuki Mwangi <michuki@swiftkenya.com>
Hi Rebecca,

Well if any way means also on my laptop ;) yes i can :)

take note of the "ad" in the answer section which means an authentic
data for the domain ripe.net using the bind running on my laptop.

Mich:~ michuki$ dig @localhost ripe.net +dnssec

; <<>> DiG 9.4.2-P2 <<>> @localhost ripe.net +dnssec
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24863
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;ripe.net.                      IN      A

;; ANSWER SECTION:
ripe.net.               600     IN      A       193.0.19.25
ripe.net.               600     IN      RRSIG   A 5 2 600 20090710050007 20090610050007 52245
ripe.net. huL/wpj4RMKuxJqm3z1IT//vClKH3sNvbSjtmfb9Ch8UJm5KEL6CKfyH
tXDCJRJgEfZbCXBiTLTsLE94XSlhq+32WPHiK8q9ghRtAKjYUaoQutrg
LHkImtBnUKiLOL4vCP12SahOg6138KQmO7lT+TERgf+PCi5iQJBVAX0d
vQ431LwP87kL0WMkOpg141oUbK9fKdWW

;; AUTHORITY SECTION:
ripe.net.               172786  IN      NS      ns-pri.ripe.net.
ripe.net.               172786  IN      NS      ns3.nic.fr.
ripe.net.               172786  IN      NS      sunic.sunet.se.
ripe.net.               172786  IN      NS      sns-pb.isc.org.
ripe.net.               172800  IN      RRSIG   NS 5 2 172800 20090710050007 20090610050007
52245 ripe.net. Ky9V/O5i4Zrph9sXVdtAhwObnKRAKNC79qMiEFj6Es6/gGzEar5UGUud
/akZqI2qRqdlmveGpBlvXSXPKmDxqNRRw6F+lsLdHuQibb6aSLNazYtQ
ZilesDGfimfKZxHWJZOXoKZrQgd2mVJW/iKfl7RMP0GhY5dj+SNk8Ghm
QfmUU2o7PL/fbgAlloAxgXo5CwtFBbkO

;; ADDITIONAL SECTION:
ns-pri.ripe.net.        172786  IN      A       193.0.0.195
ns-pri.ripe.net.        172786  IN      AAAA    2001:610:240:0:53::3
ns-pri.ripe.net.        172800  IN      RRSIG   A 5 3 172800 20090710050007
20090610050007 52245 ripe.net.
MfmNGIDuS63Kibten1pA61+Bu+yDbua8M5cYFMTeAILYVIbaygEPNJ+i
ztkWsXdFME8ATJRzKzZ218PCFbGlp+YEgpSh4XPc1qk3gZMBijr6juoZ
uFdnKfyvlnFg3TD2mlpqwyyMQVnjtVJfODrrhm05TEhOlv+Nl4ouQmK3
Xob2e7XfVTbWBEqFPEDIpGqZZgUY3Sq8
ns-pri.ripe.net.        172800  IN      RRSIG   AAAA 5 3 172800 20090710050007
20090610050007 52245 ripe.net.
LDQFyuRnGlJia/9DkNwzNwY5cFmo7EtMURY7chdYMr+PaaMSUxQGxb0x
fMWqsR/LPgv47zm5NC9am6TkzNkOsgdHBHNyBfnTYrORsthCf+6yX03i
2QgiQ2GajhlnxKcmCIp4ZNnQVPpx9mqRYIrjw4xFHjkVaT853sdVT/YM
nsA+LJJeCDzddsOaQF2xbPV8IpEv9R7n

;; Query time: 887 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 10 10:45:22 2009
;; MSG SIZE  rcvd: 958

Mich:~ michuki$

Also running on my laptop is a signed version of my.co.ke

Mich:~ michuki$ dig @localhost my.co.ke +dnssec

; <<>> DiG 9.4.2-P2 <<>> @localhost my.co.ke +dnssec
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63766
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;my.co.ke.                      IN      A

;; AUTHORITY SECTION:
my.co.ke.               300     IN      SOA     mich.my.co.ke. michuki\@my.co.ke. 2003060412 300
300 86400 300
my.co.ke.               300     IN      RRSIG   SOA 5 3 14400 20090514210335 20090414210335
30780 my.co.ke. fa/ckwmtf129esGLY+x9tRLbc5UfUN+6ym4vrcYU43wrc090dqX4Mmm6
ig/8yAhTDb1qKcIklQ0nIJGd/LHZuetaBLvq1aQ1enfUthaPR82yTmHu
HymNJTm6wyj3AdyAHVLeaC7mi5QziHnt8OhOMlb4TuyB2QFapNCeCHSz i3I=
my.co.ke.               300     IN      NSEC    mail.my.co.ke. NS SOA MX RRSIG NSEC DNSKEY
my.co.ke.               300     IN      RRSIG   NSEC 5 3 300 20090514210335 20090414210335 30780
my.co.ke. kQcNIHoFpxV5GGjIhmlb/PeKvUlYh1TcvZacAAwrM1d7Fd6jkQiKdsH+
Kie301HmjSVVJWbHw0tTfjX3DdpTdnUdfAQ35xR0L4cYknSTBzYvHE7j
JtUM+2oxpoVoluB13kZW3dKArpRpH88SKxsFOPk2h94+GKPcnRd4EJWK ZVs=

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 10 10:49:10 2009
;; MSG SIZE  rcvd: 461

Rebecca Wanjiku wrote:
> Hi,
> Just a quick question, how many techies on this list can do DNSSEC
> validation on behalf of a client or do validation in any way.
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Skunkworks mailing list
> Skunkworks@lists.my.co.ke
> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> Other services @ http://my.co.ke
> Other lists
> -------------
> Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
> Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
> kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Other services @ http://my.co.ke
Other lists
-------------
Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general



--
Best regards,

Becky

254 720318925

beckyit.blogspot.com

twitter; wanjiku