DNSSEC mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: dnssec@cafax.se
cc: team@nlnetlabs.nl
From: "Stephan Jager" <stephan@nlnetlabs.nl>
Date: Thu, 03 May 2001 16:58:38 +0200
Delivery-Date: Fri May 4 08:42:57 2001
Sender: owner-dnssec@cafax.se
Subject: SIG over KEY at parent

Hi,

I'm working on a chaser for DNSSEC in perl with the extensions Olaf
made. As the chaser can be seen as a stupid resolver with no knowledge
from the outside world, it has a problem getting a SIG over a KEY from a
nameserver its master/secundairy. In stead of the SIG over the parents KEY
I get a self-signed KEY, which is not usefull for chasing.

For example try this:

dig KEY +dnssec nlnetlabs.nl.nl @193.0.0.202
dig KEY +dnssec nlnetlabs.nl.nl @213.53.69.1
      (secundairy for nlnetlabs.nl.nl)

The first one gives me the SIG with the nl.nl KEY, the 2nd one gives me
the SIG with the nlnetlabs.nl.nl KEY. And yet there is no way for "me
simple chaser" to get the nl.nl SIG when I have only have the wrong
nameserver in the config.

Yet another reason to not have the zone KEY from the zone in the child,
but only at the parent.

Follow-Ups:
- Re: SIG over KEY at parent
  - From: Edward Lewis <lewis@tislabs.com>

Prev by Date: Re: Keys at apex problem - New PUBKEY RR?
Next by Date: bind9
Prev by thread: Net::DNS perl extent-ions
Next by thread: Re: SIG over KEY at parent
Index(es):
- Date
- Thread

Home | Date list | Subject list