Re: [Dnssec-deployment] examples of deeper DNSSEC delegations

Sat, 20 Jun 2015 18:25:11 -0700 

On 21 Jun 2015, at 01:40, Michael Richardson <[email protected]> wrote:

> gov.uk would work, are there signed entries under that?

No. cabinet-office.gov.uk was signed for a brief test some months ago. But it 
isn't signed any more. AFAIK that was the only signed delegation in gov.uk.

If you're looking for deep signed delegations, in-addr.arpa would be your best 
bet:

gromit% drill -S 10.140.49.185.in-addr.arpa ptr
;; Number of trusted keys: 1
;; Chasing: 10.140.49.185.in-addr.arpa. PTR


DNSSEC Trust tree:
10.140.49.185.in-addr.arpa. (PTR)
|---140.49.185.in-addr.arpa. (DNSKEY keytag: 13128 alg: 8 flags: 256)
    |---140.49.185.in-addr.arpa. (DNSKEY keytag: 6107 alg: 8 flags: 257)
    |---140.49.185.in-addr.arpa. (DS keytag: 6107 digest type: 2)
        |---185.in-addr.arpa. (DNSKEY keytag: 31591 alg: 5 flags: 256)
            |---185.in-addr.arpa. (DNSKEY keytag: 49879 alg: 5 flags: 257)
            |---185.in-addr.arpa. (DS keytag: 49879 digest type: 1)
            |   |---in-addr.arpa. (DNSKEY keytag: 2485 alg: 8 flags: 256)
            |       |---in-addr.arpa. (DNSKEY keytag: 53696 alg: 8 flags: 257)
            |       |---in-addr.arpa. (DS keytag: 53696 digest type: 2)
            |           |---arpa. (DNSKEY keytag: 45159 alg: 8 flags: 256)
            |               |---arpa. (DNSKEY keytag: 42581 alg: 8 flags: 257)
            |               |---arpa. (DS keytag: 42581 digest type: 1)
            |               |   |---. (DNSKEY keytag: 48613 alg: 8 flags: 256)
            |               |       |---. (DNSKEY keytag: 19036 alg: 8 flags: 
257)
            |               |---arpa. (DS keytag: 42581 digest type: 2)
            |                   |---. (DNSKEY keytag: 48613 alg: 8 flags: 256)
            |                       |---. (DNSKEY keytag: 19036 alg: 8 flags: 
257)
            |---185.in-addr.arpa. (DS keytag: 49879 digest type: 2)
                |---in-addr.arpa. (DNSKEY keytag: 2485 alg: 8 flags: 256)
                    |---in-addr.arpa. (DNSKEY keytag: 53696 alg: 8 flags: 257)
                    |---in-addr.arpa. (DS keytag: 53696 digest type: 2)
                        |---arpa. (DNSKEY keytag: 45159 alg: 8 flags: 256)
                            |---arpa. (DNSKEY keytag: 42581 alg: 8 flags: 257)
                            |---arpa. (DS keytag: 42581 digest type: 1)
                            |   |---. (DNSKEY keytag: 48613 alg: 8 flags: 256)
                            |       |---. (DNSKEY keytag: 19036 alg: 8 flags: 
257)
                            |---arpa. (DS keytag: 42581 digest type: 2)
                                |---. (DNSKEY keytag: 48613 alg: 8 flags: 256)
                                    |---. (DNSKEY keytag: 19036 alg: 8 flags: 
257)
;; Chase successful

Reply via email to