Gentoo Archives: gentoo-dev

From: Benjamin Lee <ben@××××××.com>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org
Date: Mon, 07 Jan 2013 23:40:46
Message-Id: 50EB5CBF.1030209@b1c1l1.com
In Reply to: Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org by Maxim Kammerer
On 01/07/2013 06:34 AM, Maxim Kammerer wrote:
> browser plugins? Also, how widespread is client DNSSEC support? E.g.,
> I enabled DNSSEC for my domain, but not sure yet whether DNS
> resolution anywhere will fail in case DNS responses are spoofed.

Comcast runs dnssec-failed.org, which is convenient for testing out some
DNSSEC validation failure cases. Using a validating resolver, my client
sees SERVFAIL:

$ host dnssec-failed.org.
Host dnssec-failed.org not found: 2(SERVFAIL)

and here are some example logs from the resolver (running BIND):

named[80369]: validating @0x804ee5500: dnssec-failed.org DNSKEY: no valid signature found (DS)
named[80369]: error (no valid RRSIG) resolving 'dnssec-failed.org/DNSKEY/IN': 68.87.76.228#53


--
Benjamin Lee
http://www.b1c1l1.com/
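
The check described in the message above, as an added example that is not part of the original post: it asks a resolver for dnssec-failed.org twice, once normally and once with the CD (checking disabled) header bit set, so that a SERVFAIL caused by DNSSEC validation can be told apart from an ordinary resolution failure. The function names and the resolver address passed on the command line are assumptions made for illustration.

```python
import secrets
import socket
import struct

QR, RD, AD, CD = 0x8000, 0x0100, 0x0020, 0x0010   # header flag bits; AD and CD are the DNSSEC ones
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, checking_disabled=False):
    """Encode a recursive A/IN query; CD=1 asks the resolver to skip validation."""
    flags = RD | (CD if checking_disabled else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def parse_header(msg, qid):
    """Return (rcode name, AD bit set) from a response; reject anything that is not ours."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags = struct.unpack("!HH", msg[:4])
    if rid != qid or not flags & QR:
        raise ValueError("not a response to this query")
    return RCODES.get(flags & 0xF, str(flags & 0xF)), bool(flags & AD)

def classify(plain_rcode, cd_rcode):
    """Interpret the rcode pair for a zone known to be deliberately mis-signed."""
    if plain_rcode == "SERVFAIL" and cd_rcode == "NOERROR":
        return "validating"        # fails only while validation is switched on
    if plain_rcode == "NOERROR":
        return "not validating"    # bogus data was handed to the client
    return "inconclusive"          # e.g. SERVFAIL both ways: not a DNSSEC result

def probe(resolver_ip, name="dnssec-failed.org", timeout=3.0):
    """Query resolver_ip over UDP with CD=0 and then CD=1, and classify the outcome."""
    rcodes = []
    for cd in (False, True):
        qid = secrets.randbits(16)                    # unpredictable query ID
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((resolver_ip, 53))              # only accept replies from the resolver
            s.send(build_query(name, qid, cd))
            rcodes.append(parse_header(s.recv(4096), qid)[0])
    return classify(*rcodes)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))   # argument: IP address of the resolver to test (assumption)
```
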

Replies

Subject Author
Re: [gentoo-dev] DNSSEC (w/ DLV) live on *.dev.gentoo.org Michael Weber <xmw@g.o>