[dns-operations] validation problem on 1.1.1.1
T.Suzuki
tss at reflection.co.jp
Fri Jan 31 05:13:55 UTC 2020
Why don't many of your 1.1.1.1 instances validate DNSSEC signatures?
I noticed at 29 Jan 2020 21:05:31 -0000.
ex.
--- No AD Flag ---
~% drill -D www.ietf.org @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 37059
;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.ietf.org. IN A
;; ANSWER SECTION:
www.ietf.org. 1725 IN CNAME www.ietf.org.cdn.cloudflare.net.
www.ietf.org. 1725 IN RRSIG CNAME 5 3 1800 20210127000323 20200127230611 40452 ietf.org. fX/FCVGya8pIk/2cMDWu3+iNKyWd0GLK4g6wtwp8v7rjp+nynpRm1jOanP20p36Dod4qj0IdoMGu3PN2756QZW7LzQ6nS+x7Re37Q52BP89ADXZ5J5tLlcaRl0MEyoj6/Cyv6cW+GH8sK0PwYmE11mVzezI3ZrADWvTCmgNxEpxHxoF0jlpJ0+JVt9gP2bbHWg0uF2yspTwspaoCSRcaO6KFKnkkQXI2PFhgk0w/Od4NXe86V64U1WtMGcqNyGOe0zcq4HPmiiW+lvZab6QuZJ8kq/A5HrDw66MzuRK5S2PJFjoF7lna9OIru9JXT+FcHmozUpI9lwLJIwI5IRt11g==
www.ietf.org.cdn.cloudflare.net. 225 IN A 104.20.0.85
www.ietf.org.cdn.cloudflare.net. 225 IN RRSIG A 13 6 300 20200201051316 20200130031316 34505 cloudflare.net. 5ENTxqytYAMLW2cDtBiWLaEYDm9xMRplDZuoj/U084rAZoyjxwIrn3F+B2KfGldleYB5gbyvUPbPuv41lsoOUQ==
www.ietf.org.cdn.cloudflare.net. 225 IN A 104.20.1.85
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 196 msec
;; EDNS: version 0; flags: do ; udp: 1452
;; SERVER: 1.1.1.1
;; WHEN: Fri Jan 31 13:14:32 2020
;; MSG SIZE rcvd: 536
--- With AD Flag ---
~% drill -D www.ietf.org @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 23813
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.ietf.org. IN A
;; ANSWER SECTION:
www.ietf.org. 1578 IN CNAME www.ietf.org.cdn.cloudflare.net.
www.ietf.org. 1578 IN RRSIG CNAME 5 3 1800 20210127000323 20200127230611 40452 ietf.org. fX/FCVGya8pIk/2cMDWu3+iNKyWd0GLK4g6wtwp8v7rjp+nynpRm1jOanP20p36Dod4qj0IdoMGu3PN2756QZW7LzQ6nS+x7Re37Q52BP89ADXZ5J5tLlcaRl0MEyoj6/Cyv6cW+GH8sK0PwYmE11mVzezI3ZrADWvTCmgNxEpxHxoF0jlpJ0+JVt9gP2bbHWg0uF2yspTwspaoCSRcaO6KFKnkkQXI2PFhgk0w/Od4NXe86V64U1WtMGcqNyGOe0zcq4HPmiiW+lvZab6QuZJ8kq/A5HrDw66MzuRK5S2PJFjoF7lna9OIru9JXT+FcHmozUpI9lwLJIwI5IRt11g==
www.ietf.org.cdn.cloudflare.net. 300 IN A 104.20.0.85
www.ietf.org.cdn.cloudflare.net. 300 IN A 104.20.1.85
www.ietf.org.cdn.cloudflare.net. 300 IN RRSIG A 13 6 300 20200201051436 20200130031436 34505 cloudflare.net. cgg3sYERXPXlx4u1y5XKEFzaGHbJO/tiEqzpkC94JLyrlqAz4mG4ika+OeMaIIrnG80NDxuzA1XBXDyy9smldA==
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 39 msec
;; EDNS: version 0; flags: do ; udp: 1452
;; SERVER: 1.1.1.1
;; WHEN: Fri Jan 31 13:14:36 2020
;; MSG SIZE rcvd: 555
--
------------------------------------------------------------------------------
T.Suzuki
More information about the dns-operations
mailing list