[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Re: DNS-over-HTTPS API not showing DS RRSIGs



Hello? I need help.

On Thursday, February 15, 2018 at 11:57:28 PM UTC-5, Brian Chuk wrote:
Hey,

I been trying to find RRSIG records that cover DS records but I haven't had any luck. Is the API just not able to look it up?
Here's an example that shows that the DS RRSIG clearly exists here.

$ dig @8.8.8.8 +dnssec dnssec-name-and-shame.com. DS


; <<>> DiG 9.9.7-P3 <<>> @8.8.8.8 +dnssec dnssec-name-and-shame.com. DS

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54027

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags: do; udp: 512

;; QUESTION SECTION:

;dnssec-name-and-shame.com. IN DS


;; ANSWER SECTION:

dnssec-name-and-shame.com. 83491 IN DS 52335 7 1 C65386878A4D9EB6A11707B1D4BD49D9B3C0BF55

dnssec-name-and-shame.com. 83491 IN RRSIG DS 8 2 86400 20180220052440 20180213041440 46967 com. yDJHiWDLnTlRRmpxUNxxrHHSkqht1pl1xZuwY9Y8f2AIzv3UHX1cMG+7 jyqk1kosQsBH1VF7AH7NT63MvmdB5cdnavhLS1NwEl1vuv6qxxYrdcg9 urORT+KMaxk04JYZeHi6CmtFXLEjbcPt8dxk45dCGTlHazI0iJcBozbS nJ4=


;; Query time: 26 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Thu Feb 15 17:47:19 EST 2018

;; MSG SIZE  rcvd: 253



Yet when I search for the DS RRSIG in:
The second query above is returning the DS, but the RRSIG is nowhere to be found.

// https://dns.google.com/resolve?name=dnssec-name-and-shame.com.&type=DS


{
 
"Status": 0,
 
"TC": false,
 
"RD": true,
 
"RA": true,
 
"AD": true,
 
"CD": false,
 
"Question": [
   
{
     
"name": "dnssec-name-and-shame.com.",
     
"type": 43
   
}
 
],
 
"Answer": [
   
{
     
"name": "dnssec-name-and-shame.com.",
     
"type": 43,
     
"TTL": 86399,
     
"data": "52335 7 1 C65386878A4D9EB6A11707B1D4BD49D9B3C0BF55"
   
}
 
],
 
"Comment": "Response from 192.54.112.30."
}


I can't find it. Any ideas?

--
--
========================================================
You received this message because you are subscribed to the Google
Groups "public-dns-discuss" group.
To post to this group, send email to public-dns-discuss AT googlegroups.com
To unsubscribe from this group, send email to
public-dns-discuss+unsubscribe AT googlegroups.com
For more options, visit this group at
http://groups.google.com/group/public-dns-discuss
For more information on Google Public DNS, please visit
http://developers.google.com/speed/public-dns
========================================================
---
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
For more options, visit https://groups.google.com/d/optout.