Is the FBI's DNSSEC no longer broken?

John Levine johnl at iecc.com
Mon Sep 9 13:42:37 UTC 2013


>I heard back, seems like I found someone at the FBI who was able to
>explain the problem to Neustar (DNS software provider) who say they
>will fix it.

Seems to be fixed now.  Here's the formerly broken query, via unbound:


; <<>> DiG 9.8.3-P4 <<>> mail.ic.fbi.gov aaaa +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24041
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;mail.ic.fbi.gov.		IN	AAAA

;; AUTHORITY SECTION:
fbi.gov.		600	IN	SOA	ns1.fbi.gov. dns-admin.fbi.gov. 2013090301 7200 3600 2592000 43200
fbi.gov.		600	IN	RRSIG	SOA 7 2 600 20131202142044 20130903142044 32497 fbi.gov. lGgY8jWxYyxqi/pezCXZpSnY7B2UqDTvOQMrxt+REnd7rCHs2qU2U5k3 qnfAOVbPr2lEOVaChT9i+tElTQNfZxrmg0DvR+Nluj9DBD6kfwPnGdOT iBZJvrEhNsq5fY0DJ3jF7RMzr9YtA+Jl1T6bM+aWiUgXn9zvFT39+ReJ vA0=
95RIPFTKTJC9I7J8HDAIA7CM6L279FSR.fbi.gov. 41250	IN NSEC3 1 0 10 BBAB 97S2G907NEFOJ79P721E4FEQ9LR3IT1S A RRSIG
95RIPFTKTJC9I7J8HDAIA7CM6L279FSR.fbi.gov. 41250	IN RRSIG NSEC3 7 3 43200 20131202142044 20130903142044 32497 fbi.gov. ZqMr4lUifz0n46YCL/s/qa3iMp0Hz8OhIuYC/uDgWzwPJsD26VTECG0G aG4xWUlmumfm6GLMppo07keXa273bsJEYXgXVhTEWHMbDqrc5xhBPykG C53E8N36dcmzdnfN+v7cVnwWXdPOKMrIBPrZhBuHD2qT0QepAgdo8Aoa lgQ=

;; Query time: 161 msec
;; SERVER: 192.168.80.2#53(192.168.80.2)
;; WHEN: Mon Sep  9 09:41:43 2013
;; MSG SIZE  rcvd: 509
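
An added example, not part of the original post: the dig answer above has the ad flag set, no answer records, and one NSEC3 record listing types A and RRSIG. This Python sketch computes the RFC 5155 NSEC3 hash and reports whether that record's owner name is the hash of the query name and whether the queried type is missing from its type list; the function names are assumptions of this example.

```python
import base64
import hashlib

# Map the standard base32 alphabet to the base32hex alphabet that NSEC3 uses.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercased) DNS wire format of a non-root domain name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 hash, algorithm 1 (SHA-1): one pass plus `iterations` more."""
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode("ascii")

def check_nodata(qname, qtype, nsec3_line):
    """Check one NSEC3 record (dig presentation format) against a query."""
    f = nsec3_line.split()
    # Fields: owner ttl IN NSEC3 alg flags iterations salt next-hash types...
    if f[3].upper() != "NSEC3" or f[4] != "1":
        raise ValueError("expected an NSEC3 record with hash algorithm 1")
    owner_label = f[0].split(".", 1)[0].upper()
    return {
        "owner_matches": owner_label == nsec3_hash(qname, f[7], int(f[6])),
        "type_absent": qtype.upper() not in {t.upper() for t in f[9:]},
    }

# NSEC3 record copied from the dig output above (whitespace normalised).
PAGE_NSEC3 = ("95RIPFTKTJC9I7J8HDAIA7CM6L279FSR.fbi.gov. 41250 IN NSEC3 "
              "1 0 10 BBAB 97S2G907NEFOJ79P721E4FEQ9LR3IT1S A RRSIG")

if __name__ == "__main__":
    print(check_nodata("mail.ic.fbi.gov", "AAAA", PAGE_NSEC3))
```

The check covers only the hash and the type list; signature verification of the RRSIG records is the validating resolver's job.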




