[dns-operations] Edge-case, zero-length DNSKEYs

Mark Andrews marka at isc.org
Thu Oct 8 06:51:14 UTC 2020 

Looks like the DNSKEY RRsets have been updated.

[beetle:~/git/bind9] marka% dig dnskey  nlagriculture.nl
;; BADCOOKIE, retrying.

; <<>> DiG 9.15.4+hotspot+add-prefetch+marka <<>> dnskey nlagriculture.nl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7327
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 2abce7afecaffe13010000005f7eb696ecc35e7f384fbd2b (good)
;; QUESTION SECTION:
;nlagriculture.nl.		IN	DNSKEY

;; ANSWER SECTION:
nlagriculture.nl.	86400	IN	DNSKEY	257 3 13 vRMOgGXuo/RaeD1XNWmDPvSDQDCNRa68OTq+/BqucA25ACppkunDt5fn RF2IL76ZpybyG7W8IBNYj7dpYrzWOg==

;; Query time: 1304 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 08 17:49:58 AEDT 2020
;; MSG SIZE  rcvd: 153

[beetle:~/git/bind9] marka% dig dnskey    nlenergyandclimatechange.nl.
;; BADCOOKIE, retrying.

; <<>> DiG 9.15.4+hotspot+add-prefetch+marka <<>> dnskey nlenergyandclimatechange.nl.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37042
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d40d344c2a1b4a8f010000005f7eb6a96621ec9c6b9874ea (good)
;; QUESTION SECTION:
;nlenergyandclimatechange.nl.	IN	DNSKEY

;; ANSWER SECTION:
nlenergyandclimatechange.nl. 86400 IN	DNSKEY	257 3 13 SURx8TOW5B07Hl7VRfnR/OFKK5J1i2KX/6AiUSUtK/oAZFwYxIuH24xx ZOYGP9MB2ccKg7A0bv1liYpu7BmE0w==

;; Query time: 672 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 08 17:50:17 AEDT 2020
;; MSG SIZE  rcvd: 164

[beetle:~/git/bind9] marka% 


> On 7 Oct 2020, at 19:55, Marco Davids (SIDN) via dns-operations <dns-operations at dns-oarc.net> wrote:
> 
> 
> From: "Marco Davids (SIDN)" <marco.davids at sidn.nl>
> Subject: Re: [dns-operations] Edge-case, zero-length DNSKEYs
> Date: 7 October 2020 at 19:55:58 AEDT
> To: dns-operations at lists.dns-oarc.net
> 
> 
> I have contacted the DNS operator and they are working on it.
> 
> -- 
> Marco
> 
> Op 06-10-2020 om 19:33 schreef Viktor Dukhovni:
> 
>> After an algorithm rollover (RSA 8 -> ECDSA P256 13) a couple of days
>> backs, two domains now have new zero-length RSA 8 KSKs, along with
>> working new ECDSA KSKs:
> 
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the dns-operations mailing list