#2, 29th January 2010
J65nko (Administrator)

According to http://en.wikipedia.org/wiki/DNSSEC, DNSSEC has not been implemented completely yet.

The following packet dump shows a DNSSEC answer:
Code:
23:03:05.558393 B2.ORG.AFILIAS-NST.org.53 > rnames.utp.xnet.36923:  43271-
q: A? www.daemonforums.org. 0/6/2 ns: daemonforums.org. NS
ns.rwxrwxrwx.net., daemonforums.org. NS ns.daemonforums.org.,
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. Type50,
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. RRSIG,
u1rfjcpe050u05iqk0705qqqilnu83po.org. Type50,
u1rfjcpe050u05iqk0705qqqilnu83po.org. RRSIG ar: ns.daemonforums.org.
A 94.142.245.224, . OPT UDPsize=4096 (605) (DF) (ttl 58, id 0, len
633)

If you want a safe DNS infrastructure, use tinydns and dnscache from Daniel Bernstein.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
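
Added example, not part of the original post: a small Python parser for the tcpdump summary line quoted above. It checks the 0/6/2 section counts and maps `Type50` to NSEC3 (older tcpdump builds print RR types they do not know as `TypeNN`). The function names and the reading of "NSEC3 without DS" as an unsigned delegation are assumptions of this example, based on general DNSSEC behaviour.

```python
import re

# tcpdump line from the post above, with its wrapped lines rejoined.
DUMP = (
    "23:03:05.558393 B2.ORG.AFILIAS-NST.org.53 > rnames.utp.xnet.36923:  43271- "
    "q: A? www.daemonforums.org. 0/6/2 ns: daemonforums.org. NS "
    "ns.rwxrwxrwx.net., daemonforums.org. NS ns.daemonforums.org., "
    "h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. Type50, "
    "h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. RRSIG, "
    "u1rfjcpe050u05iqk0705qqqilnu83po.org. Type50, "
    "u1rfjcpe050u05iqk0705qqqilnu83po.org. RRSIG ar: ns.daemonforums.org. "
    "A 94.142.245.224, . OPT UDPsize=4096 (605) (DF) (ttl 58, id 0, len 633)"
)

# IANA RR type numbers that older tcpdump builds print as "TypeNN".
DNSSEC_TYPES = {"Type43": "DS", "Type46": "RRSIG", "Type47": "NSEC",
                "Type48": "DNSKEY", "Type50": "NSEC3", "Type51": "NSEC3PARAM"}
# An NSEC3 owner label is a SHA-1 hash in base32hex: 32 characters from 0-9a-v.
NSEC3_LABEL = re.compile(r"^[0-9a-v]{32}$")

def records(section):
    """Split 'owner TYPE rdata, owner TYPE rdata' into (owner, type) pairs."""
    out = []
    for rr in section.split(", "):
        fields = rr.split()
        if len(fields) >= 2:  # skip empty or truncated entries
            out.append((fields[0], DNSSEC_TYPES.get(fields[1], fields[1])))
    return out

def summarize(dump):
    """Parse one tcpdump DNS response summary into sections and DNSSEC flags."""
    counts = tuple(int(n) for n in re.search(r"\s(\d+)/(\d+)/(\d+)\s", dump).groups())
    ns = re.search(r" ns: (.*?)(?: ar: |$)", dump)
    ar = re.search(r" ar: (.*?)(?: \(|$)", dump)
    authority = records(ns.group(1)) if ns else []
    types = {t for _, t in authority}
    nsec3 = sorted({o for o, t in authority
                    if t == "NSEC3" and NSEC3_LABEL.match(o.split(".")[0])})
    referral = counts[0] == 0 and "NS" in types
    return {
        "counts": counts, "authority": authority,
        "additional": records(ar.group(1)) if ar else [],
        "referral": referral, "signed": "RRSIG" in types, "nsec3_owners": nsec3,
        # Assumption (general DNSSEC behaviour, not stated in the post): a signed
        # referral carrying NSEC3 but no DS means the child zone is unsigned.
        "unsigned_delegation": referral and bool(nsec3) and "DS" not in types,
    }

if __name__ == "__main__":
    for key, value in summarize(DUMP).items():
        print(f"{key}: {value}")
```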