IETF
dnsext
dnsext@jabber.ietf.org
Saturday, July 18, 2015< ^ >
ogud has set the subject to: IETF-84 No dnsext meeting
Room Configuration
Room Occupants

GMT+0
[04:07:50] MAP joins the room
[04:07:55] MAP leaves the room
[09:10:19] dkg joins the room
[09:10:26] Benno Overeinder joins the room
[09:10:27] Dan York joins the room
[09:10:33] wseltzer joins the room
[09:10:36] <Dan York> Woohoo!
[09:10:43] tjw.ietf joins the room
[09:10:46] ogud@jabber.org joins the room
[09:11:11] <dkg> does anyone know melinda's handle?
[09:11:13] tjw.ietf leaves the room
[09:11:15] <dkg> can we invite her?
[09:11:23] willem joins the room
[09:11:37] <willem> yay
[09:11:51] <ogud@jabber.org> /title IETF-93 Hackathon
[09:17:08] ogud@jabber.org joins the room
[09:28:39] <ogud@jabber.org> dig ds-1.alg-13-nsec3.dnssec-test.org ns
[09:30:36] ogud@jabber.org leaves the room
[09:32:10] gmadkat1@gmail.com joins the room
[09:32:38] <ogud@jabber.org> https://github.com/ogud/DNSSEC_ALG_Check
[09:36:05] <ogud@jabber.org> This test program does not work at at the moment https://github.com/ogud/DNSSEC_ALG_Check
[09:38:06] <ogud@jabber.org> sorry https://github.com/ogud/DNSSEC-resolver-check
[09:41:54] <ogud@jabber.org> Testing strategies: a) Brute force with post analysis
[09:41:55] gmadkat1@gmail.com leaves the room
[09:42:16] <ogud@jabber.org> b) Intelligent test via a decision tree
[09:43:10] Benno Overeinder leaves the room: Disconnected: closed
[09:48:28] gmadkat1@gmail.com joins the room
[09:53:26] Benno Overeinder joins the room
[10:11:40] tjw.ietf joins the room
[10:11:57] <Dan York> hi tim
[10:13:38] ogud@jabber.org leaves the room
[10:17:41] gmadkat1@gmail.com leaves the room
[10:19:08] dkg leaves the room
[10:23:55] Benno Overeinder leaves the room: Disconnected: closed
[10:54:14] gmadkat1@gmail.com joins the room
[10:55:41] gmadkat1@gmail.com leaves the room
[10:56:01] gmadkat1@gmail.com joins the room
[11:01:59] gmadkat1@gmail.com leaves the room
[11:02:05] gmadkat1@gmail.com joins the room
[11:03:32] gmadkat1@gmail.com leaves the room
[11:06:56] gmadkat1@gmail.com joins the room
[11:12:18] <tjw.ietf > http://data.iana.org/root-anchors/root-anchors.xml
[11:13:50] <tjw.ietf > https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
[11:20:24] gmadkat1@gmail.com leaves the room
[11:21:06] gmadkat1@gmail.com joins the room
[11:23:02] gmadkat1@gmail.com leaves the room
[11:23:10] gmadkat1@gmail.com joins the room
[11:24:04] ogud@jabber.org joins the room
[11:24:49] <ogud@jabber.org> The intelligent query test
[11:25:08] <ogud@jabber.org> #1 Ask for doesnotexist.dnssec-test.org  TXT
[11:25:37] <ogud@jabber.org> if the answer is NXDOMAIN we have a resolver that is not lying
[11:26:04] <ogud@jabber.org> #2 Ask for alg-8.nsec3.dnssec-test.org SOA
[11:26:53] <ogud@jabber.org> if AD and NoError then a validating resolver
[11:27:33] <ogud@jabber.org> name is actulay alg-8-nsec3.dnssec-test.org SOA
[11:28:36] dkg joins the room
[11:28:41] <dkg> nerd sniping: https://xkcd.com/356/
[11:28:53] <ogud@jabber.org> #3 Ask for alg-13-nsec.dnssec-test.org  
[11:28:59] <ogud@jabber.org> tells us about alg 13 support
[11:29:37] <ogud@jabber.org> #4 Ask for dnssec-failed.org SOA  
[11:30:13] <ogud@jabber.org> if this NOERROR with SOA then this is "Only Postive DNSSEC resolver" or Passive-DNSSEC
[11:30:34] <ogud@jabber.org> I will put in the error results later
[11:31:00] <ogud@jabber.org> On all questions we check for AD
[11:31:19] <ogud@jabber.org> right answer 1 point + AD is 1 point when set right
[11:31:28] <ogud@jabber.org> that is our dial scale
[11:33:25] <Dan York> The intelligent query test
1:25
#1 Ask for doesnotexist.dnssec-test.org <http://doesnotexist.dnssec-test.org/>  TXT
1:25
if the answer is NXDOMAIN we have a resolver that is not lying
1:26
#2 Ask for alg-8.nsec3.dnssec-test.org <http://alg-8.nsec3.dnssec-test.org/> SOA
1:26
if AD and NoError then a validating resolver
1:27
name is actulay alg-8-nsec3.dnssec-test.org <http://alg-8-nsec3.dnssec-test.org/> SOA
[11:35:57] <ogud@jabber.org> in #1 the query should ask for A
[11:45:20] Benno Overeinder joins the room
[12:03:20] gmadkat1@gmail.com leaves the room
[12:07:08] gmadkat1@gmail.com joins the room
[12:13:40] ogud@jabber.org leaves the room
[12:15:16] <dkg> https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=686
[12:20:49] ogud@jabber.org joins the room
[12:22:03] <ogud@jabber.org> http://aperturehost.com/free-public-dns-resolvers/
[12:22:43] <willem> Here is a nice list of open resolvers http://www.circleid.com/posts/20110407_top_public_dns_resolvers_compared/
[12:22:50] <willem> Hello
[12:23:07] <willem> ping
[12:33:06] <gmadkat1@gmail.com> I am checking the Verisign recursive servers at 198.41.2.2 198.41.1.1
[12:52:53] <ogud@jabber.org> Verisign resolver get A+
[12:54:18] <dkg> ssh-keygen -l -F getdnsapi.net
[13:01:07] Benno Overeinder leaves the room
[13:02:33] Benno Overeinder joins the room
[13:05:38] <ogud@jabber.org> Correction use: realy-doesnotexist.dnssec-test.org A   as the other one exists as a cname pointing to nothing
[13:18:12] tjw.ietf leaves the room
[13:19:50] Benno Overeinder leaves the room
[13:21:22] willem leaves the room
[13:21:57] tjw.ietf joins the room
[13:46:03] Benno Overeinder joins the room
[13:49:08] <dkg> https://gitlab.nlnetlabs.nl/dkg/unbound
[14:08:32] wseltzer joins the room
[14:17:38] wseltzer leaves the room
[14:19:05] <ogud@jabber.org> Lying resolver that does DNSSEC validation dig @156.154.70.1 realy-doesnotexist.dnssec-test.org. A +dnssec
[14:21:03] willem joins the room
[14:26:29] <gmadkat1@gmail.com> ./getdns_query @8.8.8.8 ds-1.alg-1-nsec.dnssec-test.org TXT +dnssec_return_status
[14:29:12] <ogud@jabber.org> added my first test program into git at https://github.com/ogud/DNSSEC_ALG_Check
[14:33:08] ogud@jabber.org leaves the room
[14:47:35] gmadkat1@gmail.com leaves the room
[14:55:09] gmadkat1@gmail.com joins the room
[15:05:49] gmadkat1@gmail.com leaves the room
[15:05:54] gmadkat1@gmail.com joins the room
[15:10:36] gmadkat1@gmail.com leaves the room
[15:10:39] gmadkat1@gmail.com joins the room
[15:12:00] sara@sinodun.com joins the room
[15:12:01] Benno Overeinder leaves the room: Disconnected: closed
[15:13:04] tjw.ietf leaves the room
[15:13:18] sara@sinodun.com leaves the room
[15:13:20] sara@sinodun.com joins the room
[15:15:10] tjw.ietf joins the room
[15:15:37] <dkg> https://gitlab.nlnetlabs.nl/dkg/unbound
[15:18:18] Benno Overeinder joins the room
[15:23:55] <Dan York> FYI, my little python script that takes the IANA DNSSEC algorithm number registry and converts it to JSON is at https://github.com/danyork/dnssec-algs-json
[15:33:34] sara@sinodun.com leaves the room
[15:33:37] Dan York leaves the room: Replaced by new connection
[15:33:43] tjw.ietf leaves the room
[15:33:52] Dan York joins the room
[15:33:55] tjw.ietf joins the room
[15:34:46] sara@sinodun.com joins the room
[15:36:20] <sara@sinodun.com> EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
+       if (! ecdh) {
+               log_crypto_err("could not create EC KEY curve");
+               SSL_CTX_free(ctx);
+               return NULL;
+       }
+       if (1 != SSL_CTX_set_tmp_ecdh (ctx, ecdh)) {
+               log_crypto_err("could not set ecdh params");
+               SSL_CTX_free(ctx);
+               return NULL;
+       }
+       EC_KEY_free (ecdh);
[15:37:22] Benno Overeinder leaves the room
[15:41:25] Benno Overeinder joins the room
[16:24:11] <dkg> willem: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=687 and https://gitlab.nlnetlabs.nl/dkg/unbound/commit/cc9c5b4ee89d1a39678afbc062f4714de56189be fixes ECDHE for unbound servers
[16:36:14] Benno Overeinder leaves the room
[16:47:25] ogud@jabber.org joins the room
[16:52:20] sara@sinodun.com leaves the room
[17:01:31] tjw.ietf leaves the room
[17:11:10] ogud@jabber.org leaves the room
[17:15:09] wseltzer leaves the room
[17:17:35] gmadkat1@gmail.com joins the room
[17:17:35] gmadkat1@gmail.com leaves the room
[17:27:12] dkg leaves the room
[17:32:00] gmadkat1@gmail.com leaves the room
[17:35:56] gmadkat1@gmail.com joins the room
[17:45:29] ogud@jabber.org joins the room
[17:47:12] gmadkat1@gmail.com leaves the room
[18:00:55] gmadkat1@gmail.com joins the room
[18:01:07] tjw.ietf joins the room
[18:01:11] wseltzer joins the room
[18:09:04] Benno Overeinder joins the room
[18:28:40] ogud@jabber.org leaves the room
[18:56:03] Dan York leaves the room
[18:56:44] tjw.ietf leaves the room
[19:05:22] ogud@jabber.org joins the room
[19:20:59] Benno Overeinder leaves the room: Disconnected: closed
[19:21:57] Benno Overeinder joins the room
[19:23:11] ogud@jabber.org leaves the room
[19:42:42] wseltzer leaves the room
[19:44:31] Benno Overeinder leaves the room
[19:52:56] MAP joins the room
[19:53:08] Dan York joins the room
[19:53:26] gmadkat1@gmail.com leaves the room
[19:59:47] willem leaves the room: Disconnected: closed
[20:00:41] MAP joins the room
[20:01:40] MAP leaves the room
[20:05:07] gmadkat1@gmail.com joins the room
[20:05:31] MAP joins the room
[20:05:40] MAP leaves the room
[20:15:14] wseltzer joins the room
[21:07:40] Dan York leaves the room
[21:27:24] MAP leaves the room
[22:28:12] wseltzer leaves the room
[23:45:06] MAP joins the room
[23:45:22] MAP leaves the room
Powered by ejabberd Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!