Stack Overflow
Stack Overflow

Questions tagged [dnssec]

DNSSEC QUESTIONS MUST BE PROGRAMMING RELATED. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS).

DNSSEC QUESTIONS MUST BE PROGRAMMING RELATED. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS).

67 questions
21
votes
2 answers

Amazon Route 53 DNSSEC support

We are trying to decide which DNS hosting solution to use. Today we use Power DNS and we want to move to a hosted DNS solution. The best solution for us would be using Amazon's Route 53 for this. We are mandated to use DNSSEC for our DNS solution…
royeet
  • 829
  • 1
  • 9
  • 12
10
votes
2 answers

Programmatically check if domains are DNSSEC protected

As the title says I want to programmatically check if a DNS response for a domain are protected with DNSSEC. How could I do this? It would be great, if there is a pythonic solution for this. UPDATE: changed request to response, sorry for the…
Thorben
  • 953
  • 13
  • 28
7
votes
2 answers

Validate RRSIG with PHP using openssl

I'm trying to do a RRSIG validation, I'm trying to use the openssl lib in PHP. But I'm having a problem to pass the public key to the openssl_verify function. This is a base code, using the Net/DNS2 library to do a DNS query with DNSSEC option. and…
Rabin
  • 826
  • 10
  • 21
7
votes
1 answer

How To Enable Unbound DNSSEC DNS Resolver On Mac OS X 10.10.3 Yosemite

I'm using Mac OS X 10.10.3 Yosemite. Very recently upgraded from Snow Leopard (10.6.8) to Yosemite. Step A On my MacBook, I login into an Admin type privileged account. I installed the latest free XCode from the Apple App Store. With XCode, I also…
atErik
  • 923
  • 2
  • 13
  • 24
6
votes
1 answer

How to use DANE with Java?

How can I write a X509TrustManager in Java that used DANE (DNS-based Authentication of Named Entities)? Are there any samples or a library? Or has Java build in support for DANE?
Horcrux7
  • 23,758
  • 21
  • 98
  • 156
5
votes
0 answers

How to get validate DNSSEC with python?

I have been trying for a long time to get a DNSSEC validated on Google, but every time when I tried to get it, I got some errors. For example, when I was trying on Google.com. server didn't send me back a message or I got some problems with the…
Guaz
  • 193
  • 1
  • 1
  • 12
4
votes
3 answers

How to setup DNSSEC for DNS records on AWS

Model: I have my domain registered in provider subreg.cz and he have ability of DNSSEC. I am pointing domain to AWS Route 53 with AWS nameservers. Trying setup DNSSEC on DNS records. Without any success. Why I am doing it? I have for domain ALIAS on…
Maximi
  • 559
  • 5
  • 18
4
votes
1 answer

What is DNSSEC in a nutshell?

could anyone explain to me how the DNSSEC works in a nutshell? What I can already understand (but i do not know if it is completely correct) is: DNS is an old protocol created in the early Internet, therefore it has flaws (e.g. no authentication).…
Takeiji
  • 51
  • 4
3
votes
0 answers

What is the correct TLSA record for the QUIC protocol?

As QUIC is based on UDP, is the following entry correct? _443._udp.example.com. 300 IN TLSA 1 0 1 HASH...
duxsco
  • 331
  • 2
  • 17
3
votes
2 answers

How to list all DNS records including DANE TLSA

I would like to list all/any DNS records including the DANE TLSA. With dig mailbox.org ANY I get all records including DNSSEC etc. but nothing about DANE. Why? With dig _443._tcp.mailbox.org. ANY I get the DANE TLSA records. I've read the…
FelixF
  • 31
  • 1
  • 2
3
votes
2 answers

where and how to submit DNSSEC DS record for a IDN ccTLD

I got the opportunity to configure an IDN ccTLD. I have already configured the DNS server and it is working properly. Now I have a challenge to secure the dns service by DNSSEC. I configured DNSSECC by self-signing. But Now I can't understand…
Samrat
  • 83
  • 1
  • 5
3
votes
1 answer

How can I check DNSSEC compliance with nodejs?

I'm building some web analytics tools, but I'm having some difficulty checking DNSSEC compliance in a NodeJS application. None of the DNSSEC record types seem to be accepted by the dns module in the standard library. I'm attempting to look up rrsig,…
Isaac
  • 1,371
  • 3
  • 14
  • 36
2
votes
2 answers

Where I can find the DNSSEC values at Google Cloud DNS?

I am looking for the DNSSEC values (Key tag, Algorithm, Digest Type, and Digest) in Google Cloud DNS so that I can create a DS record for my domain in Google Domains.
Mikep
  • 21
  • 1
2
votes
2 answers

Is a DNS SRV record lookup secure?

I'm wondering how trustworthy the data from a SRV record lookup is? I have a program that essentially could fall apart if someone were to be able to spoof the SRV response. If not, are there any precautions that could be taken to make it…
Lane Wagner
  • 65
  • 3
2
votes
1 answer

co.uk. dns zone validation with DNSSEC

Long time listener, first time caller here. I'm writing a DNS resolver with DNSSEC validation incorporated, and have noticed something that i can't really understand, after several read-throughs of the affected RFCs. During a resolution that is a…
Johnny Credit
  • 21
  • 1
1
2 3 4 5