From: Tom H. <to...@to...> - 2010-04-07 13:48:45
On 4/7/10 5:14 AM, Alexander Kiening wrote:
> Hi,
>
> I want to configure a bind9 server (9.7.0) to distribute HIP RR records.
> As described in RFC 5205, this is done in the format
>
> IN HIP ( pk-algorithm
> base16-encoded-hit
> base64-encoded-public-key
> rendezvous-server )
>
> The algorithm I use is RSA. My question now is how to fill the field of
> the public key? In RSA, the public key consists of the N- and the
> E-field. How are these two combined in the public key field above?
Have you consulted these standards?
[RFC2536] Eastlake, D., "DSA KEYs and SIGs in the Domain Name System
(DNS)", RFC 2536, March 1999.
[RFC3110] Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain
Name System (DNS)", RFC 3110, May 2001.
I do not believe HIP introduced any new way to encode keys into RRs.
>
> As the E-field is equal on all my configured hosts, I thought, that
> maybe, this field does not need to be explicitly included in the public
> key record, so I tried to only specify the N-field, which generates a
> record that satisfies named-checkzone. I can also query this record with
> nslookup -type=any [dns-name], but OpenHIP refuses the record with the
> message "*** receive_hip_dns_response: HIT did not validate". So, this
> is not the way to make it work.
>
> In your wiki, you mention a hi2dns tool. Unfortunately, I can not locate
> this tool on the internet.
These files are on our older CVS repository-- we need to migrate them to
our current SVN repository (sorry about that). In the meantime, they
are browsable here:
http://openhip.cvs.sourceforge.net/viewvc/openhip/patches/bind/
or fetched from cvs:
cvs -d:pserver:ano...@op...:/cvsroot/openhip login
cvs -z3 -d:pserver:ano...@op...:/cvsroot/openhip co -P openhip/patches
- Tom
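To make the pointer to RFC 3110 concrete, here is an added example (not code from this thread, from OpenHIP, or from the hi2dns tool) that packs an RSA exponent and modulus into the RFC 3110 section 2 wire format, wraps that key in the RFC 5205 section 5 HIP RDATA, and emits the zone-file text in the form quoted in the question. The RSA values are constructed demo numbers rather than a real host key, and the HIT is a constructed placeholder that is not derived from the key (ORCHID/HIT derivation from the Host Identity is not shown). The decoder also demonstrates that a base64 blob carrying only the modulus, as tried in the question, does not even parse as an RFC 3110 key.

```python
import base64
import struct

# Constructed demo values (NOT a real host key; the modulus is arbitrary bytes).
RSA_E = 65537
RSA_N = int("C4F8E9E15DCADF2B96C763D981006A644FFB4415030A16ED1283883340F2AA0E"
            "2BE2BE8FA60150B9046965837C3E7D151B7DE237EBB957C20663898250703B3F", 16)
# Placeholder 128-bit HIT (constructed; NOT computed from RSA_N/RSA_E).
DEMO_HIT = bytes.fromhex("200100107B1A74DF365639CC39F1D578")
HIP_PK_ALG_RSA = 2   # RFC 5205 PK algorithm code for RSA (1 is DSA)


def int_to_bytes(x):
    """Unsigned big-endian octets with no leading zero octets, as RFC 3110 requires."""
    if x <= 0:
        raise ValueError("need a positive integer")
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def rfc3110_encode(e, n):
    """RFC 3110 section 2 RSA public key: exponent length, exponent, modulus."""
    eb, nb = int_to_bytes(e), int_to_bytes(n)
    if len(eb) <= 255:
        hdr = bytes([len(eb)])                       # one-octet exponent length
    else:
        hdr = b"\x00" + struct.pack("!H", len(eb))   # zero octet, then two-octet length
    return hdr + eb + nb


def rfc3110_decode(blob):
    """Inverse of rfc3110_encode; raises ValueError on malformed input."""
    if len(blob) < 2:
        raise ValueError("too short")
    if blob[0] != 0:
        elen, off = blob[0], 1
    else:
        if len(blob) < 3:
            raise ValueError("too short")
        elen, off = struct.unpack("!H", blob[1:3])[0], 3
    eb, nb = blob[off:off + elen], blob[off + elen:]
    if elen == 0 or len(eb) != elen or not nb:
        raise ValueError("exponent/modulus truncated")
    return int.from_bytes(eb, "big"), int.from_bytes(nb, "big")


def is_valid_rfc3110(blob):
    """True if blob parses as an RFC 3110 RSA key (exponent length + e + N)."""
    try:
        rfc3110_decode(blob)
        return True
    except ValueError:
        return False


def dns_wire_name(name):
    """Uncompressed RFC 1035 wire-format domain name (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        lb = label.encode("ascii")
        if not 1 <= len(lb) <= 63:
            raise ValueError("bad label")
        out += bytes([len(lb)]) + lb
    return out + b"\x00"


def hip_rdata(hit, pubkey, rvs=(), alg=HIP_PK_ALG_RSA):
    """RFC 5205 section 5 RDATA: HIT len, PK alg, PK len, HIT, PK, rendezvous names."""
    rd = struct.pack("!BBH", len(hit), alg, len(pubkey)) + hit + pubkey
    return rd + b"".join(dns_wire_name(r) for r in rvs)


def hip_presentation(owner, hit, pubkey, rvs=(), alg=HIP_PK_ALG_RSA):
    """Zone-file text: pk-algorithm, base16 HIT, base64 public key, rendezvous servers."""
    fields = [str(alg), hit.hex().upper(),
              base64.b64encode(pubkey).decode("ascii")] + list(rvs)
    return "%s IN HIP ( %s )" % (owner, "\n    ".join(fields))


if __name__ == "__main__":
    pk = rfc3110_encode(RSA_E, RSA_N)
    print(hip_presentation("host.example.", DEMO_HIT, pk, ["rvs.example."]))
    # A record holding only N is not an RFC 3110 key: N's first octet is read
    # as the exponent length and the parse runs off the end of the data.
    print("modulus-only blob parses as RFC 3110?", is_valid_rfc3110(int_to_bytes(RSA_N)))
```

The base64 field is therefore not N alone and not N||E: it is the exponent-length prefix, then E, then N, exactly as a KEY/DNSKEY RR would carry the same RSA key. Since the HIT must be derived from the Host Identity, a real zone also needs the HIT computed from this same encoded key; the placeholder HIT above would not validate against it.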