

To: dnssec@cafax.se
From: Miek Gieben <miekg@atoom.net>
Date: Wed, 4 Dec 2002 15:07:36 +0100
Content-Disposition: inline
Mail-Followup-To: dnssec@cafax.se
Sender: owner-dnssec@cafax.se
User-Agent: Vim/Mutt/Linux
Subject: prototype dnssec resolver

Hello,

I've just finished a prototype DNSSEC resolver. It is written in Perl and
can currently securely resolve a .nl domain. It also handles NXT records
to some extent.

It cannot handle domains outside .nl or query the root directly. I'm
attaching the files so that you can play with it. It is VERY alpha, but
I'm interested in feedback/patches/questions/etc.

bakbeest.sidn.nl and alpha.nlnetlabs.nl are authoritative servers for
the secured .nl domains. One of these must be used as a starting point.

Thus for instance:
./resolver @bakbeest.sidn.nl a.disi.nl TXT 
( ./resolver -c  @bakbeest.sidn.nl a.disi.nl TXT gives colored output )

( ./resolver @bakbeest.sidn.nl www.secure.miek.nl cname is also
    interesting, because secure.miek.nl has 2 delegations )

Performing: dig @bakbeest.sidn.nl a.disi.nl txt

        nl
        --
KEY, keyid: 6869, nl.   [trusted key]
KEY, keyid: 6869, nl.
DS,  keyid: 61952, disi.nl.
SIG(DS), trusted   via keyid: 6869@nl.
        blesses:
                DS,  keyid: 61952, disi.nl.
SIG(KEY), trusted   via keyid: 6869@nl.
        blesses:
                KEY, keyid: 6869, nl.

[  trusted ]
KEY, key-id: 6869, nl.
DS,  key-id: 61952, disi.nl.
[ /trusted ]
        |
        | referral @bert.secret-wg.org. sprout.ripe.net.
        |
        disi.nl
        -------
TXT, a.disi.nl.
KEY, keyid: 61952, disi.nl.
KEY, keyid: 34796, disi.nl.
KEY, key-id: 61952 trusted via DS, disi.nl
SIG(KEY), untrusted via keyid: 34796@disi.nl.
KEY may be blessed by corresponding DS
SIG(KEY), trusted   via keyid: 61952@disi.nl.
        blesses:
                KEY, keyid: 61952, disi.nl.
                KEY, keyid: 34796, disi.nl.
SIG(DS) verification failed
SIG(TXT), trusted   via keyid 34796@disi.nl.
        blesses:
                TXT, a.disi.nl.
[  trusted ]
KEY, key-id: 6869, nl.
DS,  key-id: 61952, disi.nl.
KEY, key-id: 61952, disi.nl.
KEY, key-id: 34796, disi.nl.
TXT,  a.disi.nl.
[ /trusted ]

-----------------------

The RRs between the '[ trusted ]' and '[ /trusted ]' lines are RRs that
are verified and present in the cache.

grtz Miek
NLnet Labs

--
:wq!

resolv.tgz
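
The "blesses" steps in the trace above amount to growing a trusted set from the configured key until nothing new can be added. The following is an added example, not code from the attached resolver: the record values are copied from the trace, while `build_trusted`, `RR`, `SIG` and the `valid` flag (which stands in for the cryptographic signature check) are hypothetical.

```python
from collections import namedtuple

# Constructed model of the trace above. "valid" stands in for the cryptographic
# SIG check, and DS-to-KEY matching uses owner + key id only (a real DS also
# carries a digest of the key). All names here are hypothetical.
RR = namedtuple("RR", "rtype owner keyid")      # keyid is None for non-key data
SIG = namedtuple("SIG", "covers signer valid")  # signer is the signing KEY RR

def build_trusted(anchors, rrs, sigs):
    """Grow the trusted set from the anchors until nothing new is blessed."""
    trusted = set(anchors)
    changed = True
    while changed:
        changed = False
        candidates = set()
        # A valid SIG made by an already trusted KEY blesses the RRs it covers.
        for sig in sigs:
            if sig.valid and sig.signer in trusted:
                candidates.update(sig.covers)
        # A KEY named by a trusted DS (same owner, same key id) is trusted too.
        for rr in rrs:
            if rr.rtype == "KEY" and RR("DS", rr.owner, rr.keyid) in trusted:
                candidates.add(rr)
        if not candidates <= trusted:
            trusted |= candidates
            changed = True
    return trusted

NL_KEY = RR("KEY", "nl.", 6869)                 # configured trusted key
DS = RR("DS", "disi.nl.", 61952)
KEY_61952 = RR("KEY", "disi.nl.", 61952)
KEY_34796 = RR("KEY", "disi.nl.", 34796)
TXT = RR("TXT", "a.disi.nl.", None)
RRS = [NL_KEY, DS, KEY_61952, KEY_34796, TXT]

def sample_sigs(ds_sig_valid=True):
    # Listed leaf-first on purpose: the TXT SIG is unusable on the first pass.
    return [
        SIG((TXT,), KEY_34796, True),
        SIG((KEY_61952, KEY_34796), KEY_34796, True),  # self-signed, proves nothing alone
        SIG((KEY_61952, KEY_34796), KEY_61952, True),
        SIG((DS,), NL_KEY, ds_sig_valid),
        SIG((NL_KEY,), NL_KEY, True),
    ]

if __name__ == "__main__":
    for rr in sorted(build_trusted([NL_KEY], RRS, sample_sigs()), key=str):
        print(rr)
```

With `ds_sig_valid=False` the chain stops at the nl key: the disi.nl keys still sign each other, but without a trusted DS none of them enters the trusted set.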

