Menu
▾
▴
Re: DNSSSEC verification example
|
From: Adam F. <af...@br...> - 2012-02-27 19:33:26
|
A link would be welcome, but I mostly just wanted to let you know your detailed responses weren't falling on deaf ears. The only tricky part about third parties posting to Sonatype is that they require you to control the domain you publish under. I could do it under org.littleshoot, for example, but can't do it under org.xbill. It would also be somewhat challenging to stay in sync, as I don't follow dnsjava on a daily basis so am not always aware of the latest release right away. I could easily publish a placeholder under org.littleshoot if you wanted, however -- DNSSEC4J would just grab that one, and others could as well. I could shoot you the super simple pom.xml that would be useful in any case. -Adam On Tue, Feb 21, 2012 at 6:58 PM, Brian Wellington <bwe...@xb...> wrote: > > On Feb 20, 2012, at 1:52 PM, Adam Fisk wrote: > >> I belatedly wanted to thank you for all these details, Brian. It's >> still an early version that needs more extensive testing in the wild, >> but the steps you described are integrated into DNSSEC4J at: >> >> https://github.com/adamfisk/DNSSEC4J > > Thanks! Do you want me to add a link to this from dnsjava.org? > >> I know others have mentioned it, but I'll throw in my +1 for putting >> dnsjava up at Sonatype for auto-syncing with Maven central -- would >> make it much easier for third parties to integrate things like >> DNSSEC4J as well. It's actually fairly easy to do and totally worth it >> -- described at: >> >> https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide > > I don't use Maven, so I'm not planning to do this. If anyone else wants to do this on a regular basis, I'm happy to let them. > > Brian > > > >> On Wed, Nov 23, 2011 at 4:32 PM, Brian Wellington <bwe...@xb...> wrote: >>> >>> On Nov 22, 2011, at 8:38 PM, Adam Fisk wrote: >>> >>>> Hi Brian- How do I modify the initial request message to request the >>>> DNSSEC extended attributes? Should I be able to get those attributes >>>> from a query to say gmail.com -- i.e can I just fire off queries to >>>> bunch of the major sites at this point and expect DNSSEC responses? >>> >>> If you want to set it on all queries, you can call: >>> >>> Resolver.setEDNS(0, 0, ExtendedFlags.DO, null); >>> >>> on the resolver being used. To set it on an individual query: >>> >>> opt = new OPTRecord(1280, 0, 1, ExtendedFlags.DO , null); >>> query.addRecord(opt, Section.ADDITIONAL); >>> >>> Note that unless you send the query directly to an authoritative server, the response will only contain DNSSEC information if the caching server you're pointing to supports DNSSEC. Whether this is true depends on how your ISP (or other DNS provider) has configured it. >>> >>> There are definitely major sites using DNSSEC, but gmail isn't one of them. I'm sure that someone's maintaining a list, but I haven't looked. >>> >>> Brian >>> > |
