[dns-operations] Research Project: Identifying DNSSEC Validators
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Sep 6 19:56:53 UTC 2012
On Thu, Sep 06, 2012 at 10:43:12AM -0700,
Wessels, Duane <dwessels at verisign.com> wrote
a message of 39 lines which said:
> We changed the RRSIG-remover so that it won't remove the signatures
> from "validatorsearch.verisignlabs.com" itself. Hopefully that
> allows you to view the page now.
But we still have no signatures on the NSEC.
% dig +dnssec @vfns1.verisignlabs.com. AAAA validatorsearch.verisignlabs.com
; <<>> DiG 9.8.1-P1 <<>> @vfns1.verisignlabs.com. AAAA validatorsearch.verisignlabs.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10061
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;validatorsearch.verisignlabs.com. IN AAAA
;; AUTHORITY SECTION:
validatorsearch.verisignlabs.com. 3600 IN SOA vfns1.verisignlabs.com. root.packet-pushers.com. 2012080700 3600 300 604800 3600
validatorsearch.verisignlabs.com. 3600 IN NSEC *.validatorsearch.verisignlabs.com. A NS SOA RRSIG NSEC DNSKEY
;; Query time: 94 msec
;; SERVER: 72.13.58.100#53(72.13.58.100)
;; WHEN: Thu Sep 6 21:55:53 2012
;; MSG SIZE rcvd: 148
More information about the dns-operations
mailing list