
Hi,
Just a quick question: how many techies on this list can do DNSSEC validation on behalf of a client or do validation in any way?
--
Best regards, Becky
254 720318925
beckyit.blogspot.com

Hi Rebecca,
Well if any way means also on my laptop ;) yes I can :)
Take note of the "ad" in the answer section, which means authentic data for the domain ripe.net using the BIND running on my laptop.

Mich:~ michuki$ dig @localhost ripe.net +dnssec

; <<>> DiG 9.4.2-P2 <<>> @localhost ripe.net +dnssec
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24863
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;ripe.net. IN A

;; ANSWER SECTION:
ripe.net. 600 IN A 193.0.19.25
ripe.net. 600 IN RRSIG A 5 2 600 20090710050007 20090610050007 52245 ripe.net. huL/wpj4RMKuxJqm3z1IT//vClKH3sNvbSjtmfb9Ch8UJm5KEL6CKfyH tXDCJRJgEfZbCXBiTLTsLE94XSlhq+32WPHiK8q9ghRtAKjYUaoQutrg LHkImtBnUKiLOL4vCP12SahOg6138KQmO7lT+TERgf+PCi5iQJBVAX0d vQ431LwP87kL0WMkOpg141oUbK9fKdWW

;; AUTHORITY SECTION:
ripe.net. 172786 IN NS ns-pri.ripe.net.
ripe.net. 172786 IN NS ns3.nic.fr.
ripe.net. 172786 IN NS sunic.sunet.se.
ripe.net. 172786 IN NS sns-pb.isc.org.
ripe.net. 172800 IN RRSIG NS 5 2 172800 20090710050007 20090610050007 52245 ripe.net. Ky9V/O5i4Zrph9sXVdtAhwObnKRAKNC79qMiEFj6Es6/gGzEar5UGUud /akZqI2qRqdlmveGpBlvXSXPKmDxqNRRw6F+lsLdHuQibb6aSLNazYtQ ZilesDGfimfKZxHWJZOXoKZrQgd2mVJW/iKfl7RMP0GhY5dj+SNk8Ghm QfmUU2o7PL/fbgAlloAxgXo5CwtFBbkO

;; ADDITIONAL SECTION:
ns-pri.ripe.net. 172786 IN A 193.0.0.195
ns-pri.ripe.net. 172786 IN AAAA 2001:610:240:0:53::3
ns-pri.ripe.net. 172800 IN RRSIG A 5 3 172800 20090710050007 20090610050007 52245 ripe.net. MfmNGIDuS63Kibten1pA61+Bu+yDbua8M5cYFMTeAILYVIbaygEPNJ+i ztkWsXdFME8ATJRzKzZ218PCFbGlp+YEgpSh4XPc1qk3gZMBijr6juoZ uFdnKfyvlnFg3TD2mlpqwyyMQVnjtVJfODrrhm05TEhOlv+Nl4ouQmK3 Xob2e7XfVTbWBEqFPEDIpGqZZgUY3Sq8
ns-pri.ripe.net. 172800 IN RRSIG AAAA 5 3 172800 20090710050007 20090610050007 52245 ripe.net. LDQFyuRnGlJia/9DkNwzNwY5cFmo7EtMURY7chdYMr+PaaMSUxQGxb0x fMWqsR/LPgv47zm5NC9am6TkzNkOsgdHBHNyBfnTYrORsthCf+6yX03i 2QgiQ2GajhlnxKcmCIp4ZNnQVPpx9mqRYIrjw4xFHjkVaT853sdVT/YM nsA+LJJeCDzddsOaQF2xbPV8IpEv9R7n

;; Query time: 887 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 10 10:45:22 2009
;; MSG SIZE rcvd: 958

Mich:~ michuki$

Also running on my laptop is a signed version of my.co.ke

Mich:~ michuki$ dig @localhost my.co.ke +dnssec

; <<>> DiG 9.4.2-P2 <<>> @localhost my.co.ke +dnssec
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63766
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;my.co.ke. IN A

;; AUTHORITY SECTION:
my.co.ke. 300 IN SOA mich.my.co.ke. michuki\@my.co.ke. 2003060412 300 300 86400 300
my.co.ke. 300 IN RRSIG SOA 5 3 14400 20090514210335 20090414210335 30780 my.co.ke. fa/ckwmtf129esGLY+x9tRLbc5UfUN+6ym4vrcYU43wrc090dqX4Mmm6 ig/8yAhTDb1qKcIklQ0nIJGd/LHZuetaBLvq1aQ1enfUthaPR82yTmHu HymNJTm6wyj3AdyAHVLeaC7mi5QziHnt8OhOMlb4TuyB2QFapNCeCHSz i3I=
my.co.ke. 300 IN NSEC mail.my.co.ke. NS SOA MX RRSIG NSEC DNSKEY
my.co.ke. 300 IN RRSIG NSEC 5 3 300 20090514210335 20090414210335 30780 my.co.ke. kQcNIHoFpxV5GGjIhmlb/PeKvUlYh1TcvZacAAwrM1d7Fd6jkQiKdsH+ Kie301HmjSVVJWbHw0tTfjX3DdpTdnUdfAQ35xR0L4cYknSTBzYvHE7j JtUM+2oxpoVoluB13kZW3dKArpRpH88SKxsFOPk2h94+GKPcnRd4EJWK ZVs=

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 10 10:49:10 2009
;; MSG SIZE rcvd: 461

Rebecca Wanjiku wrote:
Hi, Just a quick question, how many techies on this list can do DNSSEC validation on behalf of a client or do validation in any way.
------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
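
The check described in the reply above (look for "ad" on the flags line of a `dig +dnssec` response), as an added example that is not part of the original thread: a shell function that classifies saved dig output by its header. The name `classify_dig` and the two sample headers, which are constructed from the header lines quoted above, are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify `dig +dnssec` text output by its header flags.
# classify_dig is a hypothetical helper name, not part of dig or BIND.
#
# Reads dig output on stdin and prints one of:
#   validated     - "ad" flag set: the resolver reports the data as authentic
#   authoritative - "aa" set without "ad": the answer came from zone data the
#                   queried server hosts, so no validation result is reported
#   servfail      - status SERVFAIL: what a validating resolver returns for
#                   data that fails validation (among other failures)
#   unvalidated   - none of the above
classify_dig() {
    awk '
        BEGIN { split("", flag) }
        /->>HEADER<<-/ {
            if (match($0, /status: [A-Z]+/))
                status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        # Only the header line starts with ";; flags:"; the EDNS line
        # ("; EDNS: ... flags: do") does not, so DO is never mistaken for AD.
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line)
            sub(/;.*/, "", line)
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) flag[f[i]] = 1
        }
        END {
            if (status == "SERVFAIL") print "servfail"
            else if ("ad" in flag)    print "validated"
            else if ("aa" in flag)    print "authoritative"
            else                      print "unvalidated"
        }'
}

# Constructed samples: header lines copied from the two responses above.
RIPE_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24863
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5
; EDNS: version: 0, flags: do; udp: 4096'
MYCOKE_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63766
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
; EDNS: version: 0, flags: do; udp: 4096'

printf 'ripe.net: %s\n' "$(printf '%s\n' "$RIPE_SAMPLE" | classify_dig)"
printf 'my.co.ke: %s\n' "$(printf '%s\n' "$MYCOKE_SAMPLE" | classify_dig)"
```

Against a live resolver the same function takes dig's output directly: `dig @localhost ripe.net +dnssec | classify_dig`.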

Thanks Mich, I am writing an article on DNSSEC and seems from the whole list you are the only techie who can do it. You can imagine; if techies in Kenya are not even aware or are not doing it, what does it mean to awareness efforts. Yes, it has its challenges even in the west, but I expected techies to be doing it
regards, Becky
-- Best regards, Becky 254 720318925 beckyit.blogspot.com twitter; wanjiku

On Wed, Jun 10, 2009 at 4:07 PM, Rebecca Wanjiku <rebecca.wanjiku@gmail.com> wrote:
Thanks Mich, I am writing an article on DNSSEC and seems from the whole list you are the only techie who can do it. You can imagine; if techies in Kenya are not even aware or are not doing it, what does it mean to awareness efforts. Yes, it has its challenges even in the west, but I expected techies to be doing it
regards, Becky

Becky, I can bet my life on the fact that Michuki is the only one doing it and even so, he must have done it just for fun. Not sure there are hardcore DNS admins in this country :)
--
Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
"Clothes make the man. Naked people have little or no influence on society." -- Mark Twain
participants (3): Michuki Mwangi, Odhiambo ワシントン, Rebecca Wanjiku