AAAA is the base64 encoding of 3 zero octets. If named was using a hex encoding it would be 000000.
-- Mark Andrews

> On 11 Jul 2019, at 06:45, Bob Harold <[email protected]> wrote:
>
>
>> On Wed, Jul 10, 2019 at 2:21 AM Mark Andrews <[email protected]> wrote:
>> I’ve written up a method to defeat UDP fragmentation attacks using TSIG.
>>
>> https://tools.ietf.org/html/draft-andrews-dnsop-defeat-frag-attack-00
>>
>> If we are going to discuss methods to defeat such attacks this should be
>> considered.
>>
>> --
>> Mark Andrews, ISC
>
> Looks like a useful workaround.
>
> 2. The Well Known Key
>
> The well known key has an owner name of "." and uses HMAC-SHA256
> [RFC4635] as its algorithm with a key of 256 zero bits.
>
> -- but later:
>
> A.1. BIND 9
>
> Add the following to named.conf. Some end-of-life versions do not
> support HMAC-SHA256.
>
> key "." {
>     algorithm hmac-sha256;
>     secret "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
> };
>
> -- Does a key of 256 zeros translate to a string of "A" characters? I am not
> an expert on HMAC-SHA256.
>
> --
> Bob Harold
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
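The encoding question in the thread, worked through as an added example (not code from the draft, BIND, or either poster): it builds the 256-zero-bit well-known key, shows its base64 form as named.conf expects it and its hex form as the reply contrasts it, and runs the HMAC-SHA256 step over a constructed message. The message bytes are a made-up placeholder, not the RFC 2845 TSIG digest layout.

```python
import base64
import hashlib
import hmac

# The draft's well-known key: 32 octets of zero = 256 zero bits.
WELL_KNOWN_KEY = bytes(32)


def named_secret(key: bytes = WELL_KNOWN_KEY) -> str:
    """Encode key octets the way named.conf's `secret` expects: base64."""
    return base64.b64encode(key).decode("ascii")


def hex_secret(key: bytes = WELL_KNOWN_KEY) -> str:
    """The same key as hex, the encoding the reply contrasts with base64."""
    return key.hex()


def decode_named_secret(secret: str, bits: int = 256) -> bytes:
    """Turn a named.conf secret back into octets and check the key size.

    A wrong-length secret is a configuration error worth catching early,
    since named accepts any base64 string for hmac-sha256.
    """
    key = base64.b64decode(secret, validate=True)
    if len(key) * 8 != bits:
        raise ValueError(f"expected a {bits}-bit key, got {len(key) * 8} bits")
    return key


def tsig_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the bytes to be signed (the HMAC step of TSIG)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, mac: bytes) -> bool:
    """Constant-time comparison of a received MAC against a recomputation."""
    return hmac.compare_digest(tsig_mac(key, message), mac)


if __name__ == "__main__":
    # Constructed placeholder message, not a real DNS wire-format packet.
    msg = b"constructed-dns-message"
    print("base64 secret:", named_secret())   # 43 'A' characters then '='
    print("hex secret:   ", hex_secret())     # 64 '0' characters
    mac = tsig_mac(WELL_KNOWN_KEY, msg)
    print("MAC verifies: ", verify_mac(WELL_KNOWN_KEY, msg, mac))
    # HMAC zero-pads keys shorter than the 64-byte block, so 32 zero
    # octets behave exactly like an empty key; the key adds no secrecy.
    print("same as empty key:", tsig_mac(b"", msg) == mac)
```

Because anyone can derive this key, the MAC proves only that the whole message was assembled by someone who saw all of it, not who sent it; that is the property the draft relies on, and why it is a workaround rather than authentication.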
