RE: [dns-wg] RIPE NCC DNSSEC on the reverse tree update.
To: "'Alexander Gall'" <>
From: "Brett Carr" <>
Date: Fri, 25 Nov 2005 14:41:34 +0100
> -----Original Message-----
> From: Alexander Gall [ ]
> Sent: 25 November 2005 11:48
> To: Brett Carr
> Subject: RE: [dns-wg] RIPE NCC DNSSEC on the reverse tree update.
>
> Brett,
> > Alex,
> > yes I should try it again if I were you. I was literally
> > configuring it as I sent the e-mail to the dns-wg. Let me know if it
> > doesn't work and I'll look into it.
>
> I submitted another request and this one succeeded :-)
>
> However, I think there is a problem with ns.ripe.net. It
> doesn't return DNSSEC RRsets when the DO flag is set in the query:
>
> ; <<>> DiG 9.4.0a2 <<>> @ns.ripe.net 176.195.in-addr.arpa. soa +dnssec +norec +noauth +noadd
> ; (2 servers found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 567
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;176.195.in-addr.arpa. IN SOA
>
> ;; ANSWER SECTION:
> 176.195.in-addr.arpa. 86400 IN SOA scsnms.switch.ch. hostmaster.switch.ch. 2005112409 28800 7200 604800 1800
>
> ;; Query time: 59 msec
> ;; SERVER: 2001:610:240:0:53::193#53(2001:610:240:0:53::193)
> ;; WHEN: Fri Nov 25 11:43:12 2005
> ;; MSG SIZE rcvd: 172
>
> This should include the RRSIG(SOA) record in the answer
> section, which is actually there if you ask for it directly
>
Alex,
I found a small config typo, which I have fixed; it should be OK now, though.
Thanks for the feedback.
Brett..
--
Brett Carr RIPE Network Coordination Centre
Systems Engineer -- Operations Group Amsterdam, Netherlands
GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8
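
The check described in the quoted report (DO flag set, but no RRSIG alongside the SOA in the answer section) can be automated over raw DNS responses. The following is an added example, not part of the original thread or of any RIPE NCC tooling; the function names are illustrative assumptions and the two sample messages are constructed in the code, not captured traffic.

```python
import struct

SOA, OPT, RRSIG = 6, 41, 46

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label 1

def unsigned_answer_types(msg):
    """Types in the answer section lacking a covering RRSIG, if DO was echoed."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    do, types, covered = False, set(), set()
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == OPT:
            do = bool(ttl & 0x8000)              # DO bit in the EDNS flags
        elif i < an and rtype == RRSIG:
            covered.add(struct.unpack_from("!H", msg, off)[0])  # type covered
        elif i < an:
            types.add(rtype)
        off += rdlen
    return sorted(types - covered) if do else []

# --- constructed sample messages (not captured traffic) ---
def name(s):
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".") if l) + b"\0"

def rr(owner, rtype, cls, ttl, rdata):
    return name(owner) + struct.pack("!HHIH", rtype, cls, ttl, len(rdata)) + rdata

ZONE = "176.195.in-addr.arpa"
SOA_RR = rr(ZONE, SOA, 1, 86400, name("scsnms.switch.ch") + name("hostmaster.switch.ch")
            + struct.pack("!5I", 2005112409, 28800, 7200, 604800, 1800))
# RRSIG covering SOA; timestamps, key tag and signature are zeroed placeholders
SIG_RR = rr(ZONE, RRSIG, 1, 86400, struct.pack("!HBBIIIH", SOA, 5, 4, 86400, 0, 0, 0)
            + name(ZONE) + bytes(8))

def response(answers):
    hdr = struct.pack("!6H", 567, 0x8400, 1, len(answers), 0, 1)   # qr aa
    opt = rr("", OPT, 4096, 0x8000, b"")                           # flags: do
    return hdr + name(ZONE) + struct.pack("!HH", SOA, 1) + b"".join(answers) + opt

if __name__ == "__main__":
    print(unsigned_answer_types(response([SOA_RR])))           # RRSIG missing
    print(unsigned_answer_types(response([SOA_RR, SIG_RR])))   # signed answer
```

The parser only inspects record types and the RRSIG "type covered" field; it does not validate signatures.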