Re: [dns-operations] Signing on the fly and UltraDNS

Paul Hoffman writes: > Greetings again. Those of us who research DNSSEC adoption in the real world > are being a bit stymied by some of the sign-on-the-fly systems, such as this > one, apparently from UltraDNS. (Similar results are given for any nonexistent > name in house.gov, such as

Re: [dns-operations] [Ext] Signing on the fly and UltraDNS

On Tue, Jan 05, 2021 at 08:07:16AM +0100, Vladimír Čunát wrote: > Off the top of my head, I don't even now how exactly is the escaping > specified in RFCs. That's easy, any *non-digit* character can be escaped with a preceding "\", or alternatively as a 3-digit *decimal* \DDD sequence. The

Re: [dns-operations] [Ext] Signing on the fly and UltraDNS

On 1/5/21 5:52 AM, Paul Hoffman wrote: I brought the issue to this mailing list, instead of to the UltraDNS folks, because I am using tools that expect host names instead of domain names (in this case, dig); now I have to write shims around them. In case it helps you, kdig escapes

Re: [dns-operations] [Ext] Signing on the fly and UltraDNS

On Tue, Jan 05, 2021 at 04:52:07AM +, Paul Hoffman wrote: > >> ~.anynameyouwans~.house.gov. 882 INNSEC > >> anynameyouwant!.house.gov. RRSIG NSEC > >> !~.house.gov. 882 IN NSEC-.house.gov. RRSIG NSEC > > > > Consequently, these choices are largely

Re: [dns-operations] [Ext] Signing on the fly and UltraDNS

On Jan 4, 2021, at 7:44 PM, Viktor Dukhovni wrote: > > On Tue, Jan 05, 2021 at 02:39:27AM +, Paul Hoffman wrote: > >> Greetings again. Those of us who research DNSSEC adoption in the real >> world are being a bit stymied by some of the sign-on-the-fly systems, >> such as this one,

Re: [dns-operations] Signing on the fly and UltraDNS

On Tue, Jan 05, 2021 at 02:39:27AM +, Paul Hoffman wrote: > Greetings again. Those of us who research DNSSEC adoption in the real > world are being a bit stymied by some of the sign-on-the-fly systems, > such as this one, apparently from UltraDNS. (Similar results are given > for any

[dns-operations] Signing on the fly and UltraDNS

Greetings again. Those of us who research DNSSEC adoption in the real world are being a bit stymied by some of the sign-on-the-fly systems, such as this one, apparently from UltraDNS. (Similar results are given for any nonexistent name in house.gov, such as "www1".) --Paul Hoffman # dig

Re: [dns-operations] DNSViz please support DNSSEC algorithm Ed25519 (15)

Hi Arsen, On 2021-01-04 09:30, Arsen STASIC wrote: > Hi Jerry, > > * Jerry Lundström [2021-01-04 09:19 (+0100)]: >> On 2020-12-30 12:42, Arsen STASIC wrote: >>> Could you please support DNSSEC algorithm Ed25519 (15)? >>> I think Casey Deccio has already added support for Ed25519. [0] >  

Re: [dns-operations] DNSViz please support DNSSEC algorithm Ed25519 (15)

Hi Jerry, * Jerry Lundström [2021-01-04 09:19 (+0100)]: On 2020-12-30 12:42, Arsen STASIC wrote: Could you please support DNSSEC algorithm Ed25519 (15)? I think Casey Deccio has already added support for Ed25519. [0] ^ [0]

Re: [dns-operations] DNSViz please support DNSSEC algorithm Ed25519 (15)

Hi Arsen, On 2020-12-30 12:42, Arsen STASIC wrote: > Could you please support DNSSEC algorithm Ed25519 (15)? > I think Casey Deccio has already added support for Ed25519. [0] While we (DNS-OARC) host and operate the public instance of DNSViz, the code is still owned and managed by Casey Deccio