> On Sat, 23 Aug 2008, Mark Andrews wrote:
> >
> > > On Fri, 22 Aug 2008, Mark Andrews wrote:
> > > > David do you have a nameserver we can bounce queries off
> > > > which has the root zone signed as it would be in production?
> > >
> > > VeriSign's root DNSSEC testbed is serving a root zone that is not
> > > modified before signing. See http://webroot.verisignlabs.com and send
> > > your DNS queries to root.verisignlabs.com.
> > >
> > > Matt
> >
> > root-servers.net needs to be configured on to this server.
> >
> > % dig ns . +dnssec +bufsize=1460 @root.verisignlabs.com +vc
>
> Done.
>
> Note that the root-servers.net zone as configured on
> root.verisignlabs.com is not signed, since the root-servers.net zone
> would not be signed, nor would it need to be, if the root were
> signed.

We can argue about that. A second server with a signed
root-servers.net would still be useful for testing as
it will be signed one day.

> Matt
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop

The lowest two common EDNS buffer sizes are fine with this
as it sets TC ([EMAIL PROTECTED]) or is complete ([EMAIL PROTECTED]).

Mark

; <<>> DiG 9.3.4-P1 <<>> ns . +dnssec +bufsize=512 @root.verisignlabs.com +ignore
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58929
;; flags: qr aa tc rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS e.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS a.root-servers.net.
;; Query time: 235 msec
;; SERVER: 72.13.36.80#53(72.13.36.80)
;; WHEN: Wed Aug 27 10:57:27 2008
;; MSG SIZE rcvd: 239

; <<>> DiG 9.3.4-P1 <<>> ns . +dnssec +bufsize=1200 @root.verisignlabs.com +ignore
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24976
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 20
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS e.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN RRSIG NS 5 0 518400 20080902070000
20080826060000 65403 . W/7EJgWMzUkiuqIme/xTs79GNoAUiz9LlK1F27YqBV9HJ9EYLtuQj7Ch
wkbde8AcggQCP8BDPiCtZYg7+vu02n/Jrar+D3Sn8tKH38G/ImfPPDVT
RKMadURlhzjnnzswZar7MaVewBQLel3CNC4QyI+IAkH86wiJ9gyVVQX8
bcyIFXpOseE9u+554xQxJCByyZ6eQkeLz/AKzST4Zgv+4bo9B7g+tvgY
bIryeN+Bh2UukOE32F1nImXwyd0LtjE42qTYFONObb1945lPcGwmDyOa
uvLgBOozpjUJ6iGyl4aZQIMSn/pLnBp57/w77eBsC3LWZxIUR9mGyYqY Py8UDw==
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN A 193.0.14.129
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 236 msec
;; SERVER: 72.13.36.80#53(72.13.36.80)
;; WHEN: Wed Aug 27 10:58:06 2008
;; MSG SIZE rcvd: 901
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
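
The check described in the message above (a UDP response must either fit the advertised EDNS buffer and be complete, or set TC so the client retries over TCP), as an added example that is not part of the original thread. The message sizes and header flags are the ones in the two dig outputs; the function names are hypothetical and the response bodies are zero-filled, constructed stand-ins.

```python
import struct

# Header flag bits (RFC 1035 section 4.1.1), named the way dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100), ("ra", 0x0080)]

def build_query(bufsize, qid=0x1234):
    """Wire-format 'NS .' query with an EDNS0 OPT record and the DO bit set."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1)   # RD; 1 question, 1 additional
    question = b"\x00" + struct.pack("!2H", 2, 1)           # root name, QTYPE=NS, QCLASS=IN
    # OPT RR: root owner, TYPE=41, CLASS=UDP payload size,
    # TTL=ext-rcode/version/DO(0x8000)/Z, RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x00008000, 0)
    return header + question + opt

def advertised_size(query):
    """Read the UDP payload size back out of the OPT record of a query built above."""
    start = 12 + 5 + 1                    # header + question + OPT owner name
    rtype, size = struct.unpack("!HH", query[start:start + 4])
    if rtype != 41:
        raise ValueError("no OPT record where expected")
    return size

def flags_of(msg):
    """Return the set header flags as a list of dig-style names."""
    (flags,) = struct.unpack("!H", msg[2:4])
    return [name for name, bit in FLAG_BITS if flags & bit]

def classify(query, response):
    """Decide what a client should do with a UDP response to `query`."""
    if len(response) < 12 or response[:2] != query[:2]:
        return "discard: short message or mismatched ID"
    if len(response) > advertised_size(query):
        return "oversize: server ignored advertised buffer"
    if "tc" in flags_of(response):
        return "truncated: retry over TCP"
    return "complete"

def fake_response(query, flags, size):
    """Constructed stand-in: matching ID and given header flags, zero-filled to `size`."""
    return (query[:2] + struct.pack("!H", flags)).ljust(size, b"\x00")

if __name__ == "__main__":
    # (bufsize, header flags, MSG SIZE rcvd) taken from the two dig runs in the message
    for bufsize, flags, size in [(512, 0x8700, 239), (1200, 0x8500, 901)]:
        q = build_query(bufsize)
        r = fake_response(q, flags, size)
        print(bufsize, size, " ".join(flags_of(r)), "->", classify(q, r))
```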