[bdNOG] nog Digest, Vol 59, Issue 1

Ripan Kumar Ray riponroy79 at gmail.com
Sat Oct 6 13:28:57 BDT 2018


*Please use bellow command line to check DNSSec is enable or not.dig
@xx.xx.xx.xx dnssec-failed.org <http://dnssec-failed.org> a +dnssec *

In that command, replace the string *xx.xx.xx.xx* with the IP of your DNS
server.

If the response includes the following:

* ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL *

then the resolver is doing DNSSEC validation. (The status indication of
*SERVFAIL* here indicates that the validation failed, which means that the
validation is in fact happening.)

If instead the response includes the following:

* ;; ->>HEADER<<- opcode: QUERY, status: NOERROR *

the the resolver is not doing DNSSEC validation.

*Reference: *
https://www.icann.org/dns-resolvers-checking-current-trust-anchors

Regard,
Ripan Kumar Ray

On Fri, Oct 5, 2018 at 10:35 AM Subrata Sarker <sarkersubrata at yahoo.com>
wrote:

> MY DNS server details below:
>
>
> *==========*
> *DNS-1:*
>
> *==========*
> #named -v
> BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6
> dnssec-enable yes;
> dnssec-validation auto;
>
>
> *=========*
> *DNS-2:*
> =========
>  #named -v
> BIND 9.8.4-rpz2+rl005.12-P1
>         dnssec-enable yes;
>         dnssec-lookaside no;
>         dnssec-validation auto;
>
>
>
> Please suggest, if need to add/modify any config/key.
>
>
> Best Regards
> Subrata Sarker
>
> IT Connect Ltd.
> cell:+8801747902663
>
>
> On Monday, 1 October 2018, 9:02:53 am GMT+6, nog-request at bdnog.org <
> nog-request at bdnog.org> wrote:
>
>
> Send nog mailing list submissions to
>     nog at bdnog.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     http://mailman.bdnog.org/mailman/listinfo/nog
> or, via email, send a message with subject or body 'help' to
>     nog-request at bdnog.org
>
> You can reach the person managing the list at
>     nog-owner at bdnog.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of nog digest..."
>
>
> Today's Topics:
>
>   1. Re: Board Approval of KSK Roll (GZ Kabir)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 1 Oct 2018 09:03:10 +0600
> From: GZ Kabir <gzkabir at gmail.com>
> To: Champika Wijayatunga <champika.wijayatunga at icann.org>,
>     nog at bdnog.org
> Subject: Re: [bdNOG] Board Approval of KSK Roll
> Message-ID: <3317CA8B-0657-4528-B246-36F670F54481 at gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Thanks Champ, here it goes,
>
> Dear bdNOG Members,
>
> Pls. be informed about the KSK rollover happening on 11th October, 2018.
> Pls. Go through the trailing mail of Champ.
>
> Regards,
>
> GZ Kabir
>
>
>
> > On 1 Oct, 2018, at 7:25 AM, Champika Wijayatunga <
> champika.wijayatunga at icann.org> wrote:
> >
> >  Hi Sumon Bhai and Kabir Bhai,
> >
> > Hope all is well.
> >
> > Just wanted to let you know that ICANN board has approved the KSK
> rollover and it will go as scheduled on 11thOctober 2018.
> > https://www.icann.org/resources/press-material/release-2018-09-18-en <
> https://www.icann.org/resources/press-material/release-2018-09-18-en>
> >
> > It would be good if you can share this announcement to BDNOG, BDIX and
> ISPAB community.
> >
> > Thank you.
> >
> > Best regards,
> > Champ.
> >
> >
> >
> > From: Sumon Ahmed Sabir <sumon at office.bdcom.com <mailto:
> sumon at office.bdcom.com>>
> > Date: Friday, July 20, 2018 at 3:41 PM
> > To: Champika Wijayatunga <champika.wijayatunga at icann.org <mailto:
> champika.wijayatunga at icann.org>>
> > Cc: Gazi Zehadul Kabir <gzkabir at gmail.com <mailto:gzkabir at gmail.com>>, "
> gzkabir at bdcom.com <mailto:gzkabir at bdcom.com>" <gzkabir at bdcom.com <mailto:
> gzkabir at bdcom.com>>, Sumon Ahmed Sabir <sumon at fiberathome.net <mailto:
> sumon at fiberathome.net>>
> > Subject: [Ext] Re: Awareness of KSK rollover date and request to IXP
> Admins
> >
> > ? <>
> > Dear Champ,
> >
> > We will be happy to distribute it in our community and thanks for
> sharing.
> >
> > As we know most of us(if not all) are very smart in BD and did not
> deployed complex DNS-SEC and very much relying on unsecured DNS systems, so
> not expecting any impact on ksk rollover.
> >
> > But this message may also help as another awareness  for DNS-SEC
> deployment.
> >
> >
> > Best regards,
> >
> >
> > Sumon
> >
> >
> > ?? ?????, ???? ?:?? am ?, "Champika Wijayatunga" <
> champika.wijayatunga at icann.org <mailto:champika.wijayatunga at icann.org>>
> ???????:
> >>
> >> Hi Sumon Bhai and Kabir Bhai,
> >>
> >> I?m reaching out to IXP Administrators like yourselves regarding the
> KSK rollover date of 11 October 2018. I?m appending a letter from ICANN CTO
> requesting your help to raise awareness amongst the BD IXP peering partners
> please. If you can share this with BDIX and BDNOG members that would be
> great.
> >>
> >>
> >> ---<start of letter>---
> >>
> >>
> >> Dear IXP Administrator,
> >>
> >> The ICANN organization is requesting your help in a very important
> matter that could affect some of the operators that connect to your
> Internet exchange.
> >>
> >> ICANN is undertaking a project to update the Internet's root zone
> DNSSEC ?key signing? key or KSK. The process, known as the KSK rollover, is
> described here:  https://www.icann.org/kskroll [icann.org] <
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_kskroll&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=whMuiz76IxmdJbBnWNPuUwHRa_HmUhi8cbyjOVXXy4j6ajas1OsDbkyxUnub9MEs&m=71uXLQEE5h6QZIW5aaJIv57oCsRvyudkPPG53I0512Y&s=5o6XrVLFoU5X1g_pfY_RtgrvqEX4wOoKTTxTp-zIN30&e=>.
> This project may have an operational impact on DNS resolution services if
> DNSSEC is deployed and offered by your members/customers.
> >>
> >> The process to update the root zone?s KSK has been ongoing since 2015.
> Last year, ICANN paused this rollover project due to indications that some
> operators may not have been prepared for the change in keys despite the
> fact that we have presented to numerous network fora for several years,
> sought global trade press coverage and written to various government
> agencies. Even today, there is data suggesting that some operators will
> encounter trouble when the KSK is changed.  The data is available at http://root-trust-anchor-reports.research.icann.org
> [root-trust-anchor-reports.research.icann.org] <
> https://urldefense.proofpoint.com/v2/url?u=http-3A__root-2Dtrust-2Danchor-2Dreports.research.icann.org&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=whMuiz76IxmdJbBnWNPuUwHRa_HmUhi8cbyjOVXXy4j6ajas1OsDbkyxUnub9MEs&m=71uXLQEE5h6QZIW5aaJIv57oCsRvyudkPPG53I0512Y&s=V1-MzICDEMor9kabvG1nreyOWhFOVz3EJd1IwRqfgvc&e=
> >.
> >>
> >> As part of an ongoing campaign to increase awareness of the KSK
> rollover and reach the resolver operators that are causing the
> announcements that suggest their resolvers are unprepared for the KSK
> rollover, we are now seeking your help. Despite our previous outreach, we
> need to make even greater efforts to reach operators of DNS servers, many
> of which are ISPs.
> >>
> >> Specifically, the goal of our outreach is to call the attention of
> network operators to the information on this page:
> >> https://www.icann.org/dns-resolvers-updating-latest-trust-anchor [
> icann.org] <
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_dns-2Dresolvers-2Dupdating-2Dlatest-2Dtrust-2Danchor&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=whMuiz76IxmdJbBnWNPuUwHRa_HmUhi8cbyjOVXXy4j6ajas1OsDbkyxUnub9MEs&m=71uXLQEE5h6QZIW5aaJIv57oCsRvyudkPPG53I0512Y&s=jVHhVXRtwqbss2dGSftHL-Rn4X-U0lysknyRWiof3tE&e=
> >
> >>
> >> We would appreciate your assistance and/or advice on contacting network
> operators that are connecting through your IXP.  We are willing to
> participate in any customer focused communications, supplying materials,
> media outreach or any other forms of communication deemed appropriate for
> an IXP and are willing to sign non-disclosure agreements should that be
> necessary.
> >>
> >> Thank you for your assistance in this important matter.
> >>
> >> Respectfully,
> >> David Conrad
> >> ICANN Chief Technology Officer
> >>
> >> ---<end>----
> >>
> >>
> >>
> >> Thank you.
> >>
> >> Best regards,
> >> Champika
> >>
> >> ??????????????
> >> Champika Wijayatunga
> >> Security, Stability and Resiliency (SSR)
> >> Regional SSR Engagement Manager - APAC
> >> Internet Corporation for Assigned Names and Numbers (ICANN)
> >> Email: <champika.wijayatunga at icann.org <mailto:
> champika.wijayatunga at icann.org>>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mailman.bdnog.org/pipermail/nog/attachments/20181001/4fad85e2/attachment.html
> >
>
> ------------------------------
>
> _______________________________________________
> nog mailing list
> nog at bdnog.org
> http://mailman.bdnog.org/mailman/listinfo/nog
>
>
> End of nog Digest, Vol 59, Issue 1
> **********************************
> _______________________________________________
> nog mailing list
> nog at bdnog.org
> http://mailman.bdnog.org/mailman/listinfo/nog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20181006/4f1646a3/attachment.html>


More information about the nog mailing list