[dns-operations] Looking for zones using white lies (RFC 4470)
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri Jan 27 05:19:18 UTC 2023
On Thu, Jan 26, 2023 at 08:33:21PM +0100, Stephane Bortzmeyer wrote:
> I'm looking for zones in the wild that are signed using the technique
> of white lies (RFC 4470).
>
> [Not the black lies used by Cloudflare.]
Three sample zones:
herokudns.com. IN SOA dns1.p05.nsone.net. hostmaster.nsone.net. 1661188672 600 900 1209600 10
herokudns.com. IN RRSIG SOA 13 2 60 20230128051202 20230126051202 44688 herokudns.com. [...]
foobarbaz.herokudns.com. IN NSEC \000.foobarbaz.herokudns.com. RRSIG NSEC
foobarbaz.herokudns.com. IN RRSIG NSEC 13 3 10 20230128051202 20230126051202 44688 herokudns.com. [...]
technohazard.io. IN SOA squid.technohazard.io. hostmaster at technohazard.io. 2022081701 900 300 86400 1800
technohazard.io. IN RRSIG SOA 13 2 3600 20230202180551 20230125150551 19807 technohazard.io. [...]
foobarbaz.technohazard.io. IN NSEC \000.foobarbaz.technohazard.io. A TYPE13 TXT AAAA TYPE29 TYPE37 TYPE44 RRSIG NSEC TLSA TYPE55 TYPE61 TYPE99
foobarbaz.technohazard.io. IN RRSIG NSEC 13 3 3600 20230204051400 20230127021400 19807 technohazard.io. [...]
cfccualerts.com. IN SOA ns1.dnsbycomodo.net. admin.dns.com. 2021101281 10800 864000 7200 7200
cfccualerts.com. IN RRSIG SOA 13 2 7200 20230129122400 20230109122400 39711 cfccualerts.com. [...]
foobarbaz.*.cfccualerts.com. IN NSEC \000.foobarbaz.*.cfccualerts.com. RRSIG NSEC
foobarbaz.*.cfccualerts.com. IN RRSIG NSEC 13 4 3600 20230129122400 20230109122400 39711 cfccualerts.com. [...]
--
Viktor.
More information about the dns-operations
mailing list