DNSKEY Validation
Mark Elkins
mje at posix.co.za
Tue Jul 14 19:40:52 UTC 2009
On Tue, 2009-07-14 at 17:50 +1000, Mark Andrews wrote:
> In message <1247555725.13064.4.camel at ilinux>, Mark Elkins writes:
> > OK - so I accept that the algorithm will change.
> >
> > What about some sort of validation of the base-64 part of the key?
> > Is there a checksum byte/word?
> > Is there a way of checking that the length is correct?
>
> Have you thought of reading the RFCs which describe these records?
> The answers to your questions are in the RFCs.

For the record - have been looking at various definitions and at some
RFCs - but the 'right thing' has not jumped out at me yet. Could some
kind soul please point me at the latest RFC that describes the base-64
part of the DNSREC resource record - how to checksum it and calculate
that the length is correct.

Or - are there stand-alone tools for this?
http://www.dnssec-deployment.org/tracker/ has lots of good stuff - but
I'd rather not have to download everything to try it.

>
> Mark
Anyone know how to get dnskeys into .ORG - I've had no answer yet from
info at pir.org.
--
. . ___. .__ Posix Systems - Sth Africa. e.164 VOIP ready
/| /| / /__ mje at posix.co.za - Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
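
An added example, not part of the original message and not code from BIND: a DNSKEY has no checksum field of its own, but the base-64 part can be decoded, checked against the RSA key layout of RFC 3110, and reduced to the key tag of RFC 4034 Appendix B for comparison with the tag the key-generation tool reported. The function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import struct

RSA_ALGORITHMS = {5, 7, 8, 10}  # RSASHA1, RSASHA1-NSEC3-SHA1, RSASHA256, RSASHA512

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def check_dnskey(flags: int, protocol: int, algorithm: int, key_b64: str) -> dict:
    """Decode and sanity-check one DNSKEY; raise ValueError on any defect."""
    if protocol != 3:
        raise ValueError("protocol field must be 3")
    try:
        # Presentation format allows whitespace inside the base-64 field.
        key = base64.b64decode("".join(key_b64.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"base-64 does not decode: {exc}") from exc
    info = {"key_bytes": len(key)}
    if algorithm in RSA_ALGORITHMS:
        # RFC 3110: 1-byte exponent length (or 0 + 2-byte length), exponent, modulus.
        if len(key) < 3:
            raise ValueError("key too short for an RSA key")
        if key[0]:
            elen, off = key[0], 1
        else:
            elen, off = int.from_bytes(key[1:3], "big"), 3
        exponent, modulus = key[off:off + elen], key[off + elen:]
        if elen == 0 or len(exponent) != elen or not modulus:
            raise ValueError("exponent length byte disagrees with key length")
        if exponent[0] == 0 or modulus[0] == 0:
            raise ValueError("leading zero octet in exponent or modulus")
        if modulus[-1] % 2 == 0:
            raise ValueError("RSA modulus is even, key is damaged")
        info["exponent"] = int.from_bytes(exponent, "big")
        info["modulus_bits"] = int.from_bytes(modulus, "big").bit_length()
    # The tag covers the whole RDATA: flags, protocol, algorithm, then the key.
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + key
    info["key_tag"] = key_tag(rdata)
    return info

# Constructed sample, not a real key: e = 65537, 512-bit odd "modulus" 0x80 00..00 01.
SAMPLE_KEY_B64 = base64.b64encode(
    bytes([3, 1, 0, 1, 0x80]) + bytes(62) + b"\x01").decode()

if __name__ == "__main__":
    print(check_dnskey(256, 3, 5, SAMPLE_KEY_B64))
```

The key tag is a 16-bit sum, so it catches accidental truncation or typing errors in most cases but is not a cryptographic integrity check.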
More information about the bind-users mailing list