<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div><span style="font-size: 12pt; line-height: 1.5;"><br></span></div><div><span style="font-size: 12pt; line-height: 1.5;">Hi,</span></div><div><br></div><div>For ROOT and .com zones only KSK is used for DNSKEY RR set signing whereas comcast.com DNSKEY RR set is signed by both KSK and ZSK.</div><div><br></div><div>Best regards,</div><div>Maciej Andziński</div><div><br></div><hr id="zwchr"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><style>
BLOCKQUOTE {
MARGIN-BOTTOM: 0px; MARGIN-LEFT: 2em; MARGIN-TOP: 0px
}
OL {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
UL {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
P {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
BODY {
FONT-SIZE: 10.5pt; FONT-FAMILY: Microsoft YaHei UI; COLOR: #000000; LINE-HEIGHT: 1.5
}
</style><div><div>Dear friends:</div><div><div class="FoxDiv20141209164319361780" style="BACKGROUND-COLOR: white" data-mce-style="background-color: white;"><div>When the resolver sends the DNSKEY RR query, irrespecitve of keyrollover period, I think the response message should reply a KSK, a ZSK and a RRSIG(DNSKEY). However, when I capture the package with tcpdump, the response message is unanticipated.</div><div>I get the response with one KSK, two ZSKs and one RRSIG(DNSKEY)while we send DNSKEY RR query to root.</div><div>For example,</div><div><div><img id="mail_scale_image_4294967762_0" class=" mail_auto_scale_image mail_scale_image" src="cid:_Foxmail.0@BF923398-112A-4762-8D18-99EDA907C433" data-mce-src="cid:_Foxmail.0@BF923398-112A-4762-8D18-99EDA907C433"></div><div><div>I get the response with one KSK, one ZSKs and one RRSIG(DNSKEY)while we send DNSKEY RR query to com zone.</div><div>For example,</div><div><div><img id="mail_scale_image_4294967762_1" class=" mail_auto_scale_image mail_scale_image" src="cid:_Foxmail.1@3AAF7C20-A014-43AE-AEAB-E07D6E80B408" data-mce-src="cid:_Foxmail.1@3AAF7C20-A014-43AE-AEAB-E07D6E80B408"></div></div></div><div><div>I get the response with one KSK, one ZSKs and two RRSIG(DNSKEY)while we send DNSKEY RR query to comcast.com zone.</div><div>For example,</div><div><div><img id="mail_scale_image_4294967762_2" class=" mail_auto_scale_image mail_scale_image" src="cid:_Foxmail.2@02398007-AA8D-46B0-A701-7BFF5A54EFB0" data-mce-src="cid:_Foxmail.2@02398007-AA8D-46B0-A701-7BFF5A54EFB0"> .</div><div>So, my question is that what is the exact result of DNSKEY RR query, how I calculate their message size?</div></div><div> </div></div></div></div></div></div><div> </div><hr style="HEIGHT: 1px; WIDTH: 210px" align="left" size="1" data-mce-style="height: 1px; width: 210px;"><div><div style="FONT-SIZE: 10pt; FONT-FAMILY: verdana; MARGIN: 10px" data-mce-style="font-size: 10pt; font-family: verdana; margin: 10px;"><div>scottjiang1415@hotmail.com</div></div></div><br>_______________________________________________<br>dns-operations mailing list<br>dns-operations@lists.dns-oarc.net<br>https://lists.dns-oarc.net/mailman/listinfo/dns-operations<br>dns-jobs mailing list<br>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</blockquote><div><br></div></div></body></html>