[dns-operations] What is the exact response?

Maciej Andziński Maciej.Andzinski at nask.pl
Tue Dec 23 13:42:57 UTC 2014 

Hi, 

For ROOT and .com zones only KSK is used for DNSKEY RR set signing whereas comcast.com DNSKEY RR set is signed by both KSK and ZSK. 

Best regards, 
Maciej Andziński 

----- Oryginalna wiadomość -----

> Dear friends:
> When the resolver sends the DNSKEY RR query, irrespecitve of keyrollover
> period, I think the response message should reply a KSK, a ZSK and a
> RRSIG(DNSKEY). However, when I capture the package with tcpdump, the
> response message is unanticipated.
> I get the response with one KSK, two ZSKs and one RRSIG(DNSKEY)while we send
> DNSKEY RR query to root.
> For example,
> I get the response with one KSK, one ZSKs and one RRSIG(DNSKEY)while we send
> DNSKEY RR query to com zone.
> For example,
> I get the response with one KSK, one ZSKs and two RRSIG(DNSKEY)while we send
> DNSKEY RR query to comcast.com zone.
> For example,
> .
> So, my question is that what is the exact result of DNSKEY RR query, how I
> calculate their message size?

> scottjiang1415 at hotmail.com

> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141223/003d8a40/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: JKVB80E59[7]UC~0(12-23-15-50-54).png
Type: image/png
Size: 2796 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141223/003d8a40/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 8W~3PN(F~7)@0%I5(12-23-15-50-54).png
Type: image/png
Size: 2609 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141223/003d8a40/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Q05C))$22O~Z$B0}(12-23-15-50-54).png
Type: image/png
Size: 2842 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141223/003d8a40/attachment-0002.png>

More information about the dns-operations mailing list