[dns-operations] Statement: Issues using BIND 9.4 & 9.5 with DLV and certain DNSSEC-signed zones
Eric Osterweil
eoster at cs.ucla.edu
Fri Apr 24 19:17:42 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Apr 24, 2009, at 12:10 PM, Chris Thompson wrote:
> On Apr 22 2009, Florian Weimer wrote:
>
>> * Michael Graff:
> [...]
>>> How many more weeks do you think we should delay re-adding .gov to
>>> dlv.isc.org? And what, specifically, do you suggest be the all-
>>> clear
>>> trigger?
>>
>> A working signed delegation for nist.gov (or any other child zone).
>
> We can tell that there *are* signed delegations from gov, even if we
> don't know what they are. "Working" is, I suppose, more difficult to
> judge.
>
> I collected a sample of 1271 NSEC3 records from the gov zone by random
> probing. (I guesstimate that I have very roughly half of them.) Of
> these
> 10 indicated the existence of a DS record, e.g.
> 5066E5JAKAO44M42VQK68BTJBEVGFFK9.gov. 10800 IN NSEC3 (
> 1 0 10 ABAB 50JLCITE3VVN0BUAUC0G5RJVO62P7DVU NS DS RRSIG )
We track 35 DNSSEC gov zones at SecSpider. We also track the gov
island as consisting of 9 "production" zones:
http://secspider.cs.ucla.edu/islands.html
People are welcome to look up the gov zones on our web site.
Eric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iEYEARECAAYFAknyEFoACgkQK/tq6CJjZQL3ZgCfaaqB8Ti0x1hh2yrKOrbMlpKS
gb4AnjqIloQoD7oDMQj79PI2h1/pOT79
=3SiM
-----END PGP SIGNATURE-----
More information about the dns-operations
mailing list