[dns-operations] .nz DNSKEY encoding
Anton Berezin
tobez at tobez.org
Thu Jan 19 18:25:44 UTC 2012
On Thu, Jan 19, 2012 at 05:12:52PM +1300, Sebastian Castro wrote:
> Dear fellow DNS operators:
>
> Back in December, we sent a notice to the NZNOG (New Zealand Network
> Operators Group) mailing list explaining the particularities of the
> encoded representation of .nz DNSKEY, where the first 6 characters are
> "BAABAA" instead of "AwEAAb"
> The encoding for the .nz DNSKEY is different. According to RFC3110,
> Section 2
>
> --------------------------------------------------------------------
> Leading zero octets are prohibited in the exponent and modulus.
> --------------------------------------------------------------------
Validns (https://github.com/tobez/validns) just got a policy check
to detect and report such keys in a zone:

$ ./validns -pdnskey t/zones/dnskey-exponent.zone
t/zones/dnskey-exponent.zone:18: leading zero octets in public key exponent
t/zones/dnskey-exponent.zone:25: leading zero octets in public key exponent

\Anton.
--
Our society can survive even a large amount of irrational regulation.
-- John McCarthy
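Added example, not part of the original message and not validns' own code: a Python sketch of the RFC 3110 check discussed above, showing why an RSA exponent stored with a leading zero octet makes the base64 key data start with "BAABAA" rather than "AwEAAb". The function names, the modulus message text and the sample keys are assumptions constructed for illustration; the keys are not the .nz key.

```python
import base64
import struct


def parse_rsa_dnskey(pubkey_b64):
    """Split RFC 3110 RSA key data into (exponent_bytes, modulus_bytes)."""
    # Presentation format may split the base64 text with whitespace.
    raw = base64.b64decode("".join(pubkey_b64.split()), validate=True)
    if not raw:
        raise ValueError("empty public key")
    if raw[0] != 0:
        # Exponent length fits in one octet (1..255).
        exp_len, off = raw[0], 1
    else:
        # First octet zero: the length is in the next two octets.
        if len(raw) < 3:
            raise ValueError("truncated exponent length")
        exp_len, off = struct.unpack("!H", raw[1:3])[0], 3
    if exp_len == 0 or len(raw) <= off + exp_len:
        raise ValueError("truncated exponent or missing modulus")
    return raw[off:off + exp_len], raw[off + exp_len:]


def check_rsa_dnskey(pubkey_b64):
    """Return policy findings for leading zero octets (RFC 3110, section 2)."""
    exponent, modulus = parse_rsa_dnskey(pubkey_b64)
    findings = []
    if exponent[0] == 0:
        findings.append("leading zero octets in public key exponent")
    if modulus[0] == 0:
        # Message wording for the modulus case is an assumption.
        findings.append("leading zero octets in public key modulus")
    return findings


# Constructed 512-bit stand-in modulus, not a real key.
MODULUS = b"\xb5" + bytes(range(1, 64))
# Exponent 65537 in 3 octets (01 00 01): the usual encoding.
CANONICAL = base64.b64encode(b"\x03\x01\x00\x01" + MODULUS).decode()
# Same exponent stored in 4 octets (00 01 00 01): leading zero octet.
PADDED = base64.b64encode(b"\x04\x00\x01\x00\x01" + MODULUS).decode()

if __name__ == "__main__":
    for name, key in (("canonical", CANONICAL), ("padded", PADDED)):
        print(name, key[:6], check_rsa_dnskey(key) or "ok")
```

Both sample keys carry the same exponent value, so a validator that strips the zero octet before use treats them as the same key, while one that enforces RFC 3110 literally flags the second.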