ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ietf.org now DNSSEC-bogus :-(

2014-06-27 05:51:06
from [Stephane Bortzmeyer] [Permanent Link] 
[Sent by using a mail server with a non-validating resolver...]

The delegation at .org still indicates the old name servers but the
zone contains the new ones, at Cloudflare.

% dig @ns0.amsl.com. NS ietf.org

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @ns0.amsl.com. NS ietf.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51586
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;ietf.org.              IN NS

;; ANSWER SECTION:
ietf.org.               1800 IN NS jack.ns.cloudflare.com.
ietf.org.               1800 IN NS dora.ns.cloudflare.com.
ietf.org.               1800 IN RRSIG NS 5 2 1800 20150627101542 (
                                20140627091717 40452 ietf.org.
                                cGLMaGJyWGuBsUJ43Ot5c1N8A0pe0DYpML2qhnCdvWAv
                                SAiuyejFv0yjSXT2dAA4gM/lRMw6Ii07wus1S7GKAcS3
                                df2Rr2ltVxl3NWvo7cKXVAQN59QL2Er2G0J71zEBwMZu
                                dx6UznWSBWf9IrNvDn6VHZkUzKOxcExtnOgV9iwk3Pef
                                UfJpvHelQXo4DgYI5a2wCpuLcljLfb62GYu/N4vLYOLB
                                hGxyygvDnCriYSGFlVO7bhqA6bFbZWK/g8G26zEqE+ix
                                +XjkiV9hBR1xSadgiqPi28sBAFy+zyvVrrkracgzFGzC
                                5Jz2dAE+c6Haw8Es74sizo3VZ7M5tnKU+w== )

;; Query time: 75 msec
;; SERVER: 64.170.98.2#53(64.170.98.2)
;; WHEN: Fri Jun 27 12:46:31 2014
;; MSG SIZE  rcvd: 388

The cloudflare name servers does not server RRSIG or DNSKEY :-(

% dig @jack.ns.cloudflare.com. DNSKEY ietf.org

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @jack.ns.cloudflare.com. DNSKEY ietf.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29097
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;ietf.org.              IN DNSKEY

;; AUTHORITY SECTION:
ietf.org.               86400 IN SOA dora.ns.cloudflare.com. 
dns.cloudflare.com. (
                                2015553176 ; serial
                                10000      ; refresh (2 hours 46 minutes 40 
seconds)
                                2400       ; retry (40 minutes)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )

;; Query time: 8 msec
;; SERVER: 2400:cb00:2049:1::adf5:3b79#53(2400:cb00:2049:1::adf5:3b79)
;; WHEN: Fri Jun 27 12:49:46 2014
;; MSG SIZE  rcvd: 99
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Weekly posting summary for ietf(_at_)ietf(_dot_)org, Thomas Narten
Next by Date:  Re: ietf.org now DNSSEC-bogus :-(, Stephane Bortzmeyer
Previous by Thread:  econd draft list of qualified volunteers for 2014-2015 nomcom, NomCom Chair 2014
Next by Thread:  Re: ietf.org now DNSSEC-bogus :-(, Stephane Bortzmeyer
Indexes:  [Date] [Thread] [Top] [All Lists]