[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Re: DNS-over-HTTPS API not showing DS RRSIGs

On Thursday, February 15, 2018 at 11:57:28 PM UTC-5, Brian Chuk wrote:

I been trying to find RRSIG records that cover DS records but I haven't had any luck. Is the API just not able to look it up?
Here's an example that shows that the DS RRSIG clearly exists here.

$ dig @ +dnssec dnssec-name-and-shame.com. DS

; <<>> DiG 9.9.7-P3 <<>> @ +dnssec dnssec-name-and-shame.com. DS

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54027

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1


; EDNS: version: 0, flags: do; udp: 512


;dnssec-name-and-shame.com. IN DS


dnssec-name-and-shame.com. 83491 IN DS 52335 7 1 C65386878A4D9EB6A11707B1D4BD49D9B3C0BF55

dnssec-name-and-shame.com. 83491 IN RRSIG DS 8 2 86400 20180220052440 20180213041440 46967 com. yDJHiWDLnTlRRmpxUNxxrHHSkqht1pl1xZuwY9Y8f2AIzv3UHX1cMG+7 jyqk1kosQsBH1VF7AH7NT63MvmdB5cdnavhLS1NwEl1vuv6qxxYrdcg9 urORT+KMaxk04JYZeHi6CmtFXLEjbcPt8dxk45dCGTlHazI0iJcBozbS nJ4=

;; Query time: 26 msec


;; WHEN: Thu Feb 15 17:47:19 EST 2018

;; MSG SIZE  rcvd: 253

Yet when I search for the DS RRSIG in:
The second query above is returning the DS, but the RRSIG is nowhere to be found.

// https://dns.google.com/resolve?name=dnssec-name-and-shame.com.&type=DS

"Status": 0,
"TC": false,
"RD": true,
"RA": true,
"AD": true,
"CD": false,
"Question": [
"name": "dnssec-name-and-shame.com.",
"type": 43
"Answer": [
"name": "dnssec-name-and-shame.com.",
"type": 43,
"TTL": 86399,
"data": "52335 7 1 C65386878A4D9EB6A11707B1D4BD49D9B3C0BF55"
"Comment": "Response from"

I can't find it. Any ideas?

You received this message because you are subscribed to the Google
Groups "public-dns-discuss" group.
To post to this group, send email to public-dns-discuss AT googlegroups.com
To unsubscribe from this group, send email to
public-dns-discuss+unsubscribe AT googlegroups.com
For more options, visit this group at
For more information on Google Public DNS, please visit
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
For more options, visit https://groups.google.com/d/optout.