Re: [dane] antique signer?
Mark Andrews <marka@isc.org> Sat, 14 April 2012 07:59 UTC
To: bmanning@vacation.karoshi.com
From: Mark Andrews <marka@isc.org>
References: <20120410164131.GA2938@vacation.karoshi.com.>
In-reply-to: Your message of "Tue, 10 Apr 2012 16:41:31 GMT." <20120410164131.GA2938@vacation.karoshi.com.>
Date: Sat, 14 Apr 2012 17:59:21 +1000
Message-Id: <20120414075922.06DD01FB61F4@drugs.dv.isc.org>
Cc: dane@ietf.org
Subject: Re: [dane] antique signer?
In message <20120410164131.GA2938@vacation.karoshi.com.>, bmanning@vacation.karoshi.com writes:
>
> dnssec-signzone -o bar.scan.net bar.scan.net
> dnssec-signzone: warning: bar.scan.net:17: unknown RR type 'TLSA'
> dnssec-signzone: fatal: failed loading zone from 'bar.scan.net': unknown class/type

And the purpose of this was what?  To show that someone hasn't added
type specific code for TLSA records within 24 hours of the type
being assigned despite there being no need for that type specific
code to be written to actually use TLSA records?

% dnssec-signzone -S -o example.net junk
dnssec-signzone: warning: junk:1: no TTL specified; using SOA MINTTL instead
Fetching ZSK 26127/RSASHA1 from key repository.
Fetching KSK 61969/RSASHA1 from key repository.
Verifying the zone using the following algorithms: RSASHA1.
Zone signing complete:
Algorithm: RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
                    ZSKs: 1 active, 0 stand-by, 0 revoked
junk.signed
% cat junk
@ SOA . . 0 0 0 0 0
@ NS @
@ TYPE52 \# 11 00 00 00 1234567890abcdef
%

Of course it isn't that hard to add support for TLSA but like all
things the changes will need to be reviewed.  You could have just
submitted patches instead of waiting for someone else to do it.
It's not like you don't have the skill to do it.

% cat junk
@ SOA . . 0 0 0 0 0
@ NS @
@ TLSA 0 0 0 1234567890abcdef
% dnssec-keygen example.net
Generating key pair..............++++++ ..............++++++
Kexample.net.+005+26127
[drugs:~/git/bind9] marka% dnssec-keygen -f KSK example.net
Generating key pair...........................................................................................................................................................................................................................+++ ...............................................................................+++
Kexample.net.+005+61969
% bin/dnssec/dnssec-signzone -S -o example.net junk
dnssec-signzone: warning: junk:1: no TTL specified; using SOA MINTTL instead
Fetching ZSK 26127/RSASHA1 from key repository.
Fetching KSK 61969/RSASHA1 from key repository.
Verifying the zone using the following algorithms: RSASHA1.
Zone signing complete:
Algorithm: RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
                    ZSKs: 1 active, 0 stand-by, 0 revoked
junk.signed
%

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
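
Added example, not part of the original message and not BIND code: a converter between the TLSA presentation form and the generic unknown-type form (TYPE52 \# ...) shown in the message, so a zone can carry TLSA data through a signer that has no type-specific support. The function names are hypothetical; the digest-length check uses the RFC 6698 matching types (1 = SHA-256, 2 = SHA-512), and the sample values are the ones from the message.

```python
# Added example: TLSA presentation form <-> RFC 3597 generic form (TYPE52 \# ...).
TLSA_TYPE = 52                      # RR type code used in the message (TYPE52)
DIGEST_LEN = {1: 32, 2: 64}         # RFC 6698 matching types: SHA-256, SHA-512


def _check(usage, selector, mtype, data):
    """Reject field values that would produce malformed TLSA RDATA."""
    for name, value in (("usage", usage), ("selector", selector), ("mtype", mtype)):
        if not 0 <= value <= 255:
            raise ValueError(f"{name} must fit in one octet")
    if not data:
        raise ValueError("empty certificate association data")
    want = DIGEST_LEN.get(mtype)
    if want is not None and len(data) != want:
        raise ValueError(f"matching type {mtype} needs {want} octets, got {len(data)}")


def tlsa_to_generic(usage, selector, mtype, assoc_hex):
    """Encode TLSA fields as 'TYPE52 \\# <rdlength> <hex>'."""
    data = bytes.fromhex("".join(assoc_hex.split()))
    _check(usage, selector, mtype, data)
    rdata = bytes([usage, selector, mtype]) + data
    return f"TYPE{TLSA_TYPE} \\# {len(rdata)} {rdata.hex()}"


def generic_to_tlsa(text):
    """Decode 'TYPE52 \\# <rdlength> <hex...>' back to 'TLSA u s m <hex>'."""
    fields = text.split()
    if len(fields) < 4 or fields[0].upper() != f"TYPE{TLSA_TYPE}" or fields[1] != "\\#":
        raise ValueError("not a generic TYPE52 record")
    rdata = bytes.fromhex("".join(fields[3:]))
    if len(rdata) != int(fields[2]):
        raise ValueError("RDATA length field does not match the hex data")
    if len(rdata) < 4:
        raise ValueError("TLSA RDATA needs 3 header octets plus data")
    usage, selector, mtype = rdata[:3]
    _check(usage, selector, mtype, rdata[3:])
    return f"TLSA {usage} {selector} {mtype} {rdata[3:].hex()}"


if __name__ == "__main__":
    # Sample values taken from the two zone files in the message.
    print(tlsa_to_generic(0, 0, 0, "1234567890abcdef"))
    print(generic_to_tlsa("TYPE52 \\# 11 00 00 00 1234567890abcdef"))
```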