[bdNOG] nog Digest, Vol 59, Issue 1

Subrata Sarker sarkersubrata at yahoo.com
Sat Oct 6 20:51:48 BDT 2018


Dear Ripan,
Please find the output: 
dig @103.15.246.1 dnssec-failed.org a +dnssec
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> @103.15.246.1 dnssec-failed.org a +dnssec; (1 server found);; global options: +cmd



Best Regards
Subrata Sarker

 

    On Saturday, 6 October 2018, 1:29:21 pm GMT+6, Ripan Kumar Ray <riponroy79 at gmail.com> wrote:  
 
 Please use bellow command line to check DNSSec is enable or not.

dig @xx.xx.xx.xx dnssec-failed.org a +dnssec

In that command, replace the string xx.xx.xx.xx with the IP of your DNS server.

If the response includes the following:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL
then the resolver is doing DNSSEC validation. (The status indication of SERVFAIL here indicates that the validation failed, which means that the validation is in fact happening.)

If instead the response includes the following:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR
the the resolver is not doing DNSSEC validation.

Reference: https://www.icann.org/dns-resolvers-checking-current-trust-anchors

Regard,
Ripan Kumar Ray

On Fri, Oct 5, 2018 at 10:35 AM Subrata Sarker <sarkersubrata at yahoo.com> wrote:

MY DNS server details below:

==========
DNS-1: ==========
#named -v
BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6
dnssec-enable yes;
dnssec-validation auto;
=========
DNS-2:
=========
 #named -v
BIND 9.8.4-rpz2+rl005.12-P1        dnssec-enable yes;
        dnssec-lookaside no;
        dnssec-validation auto;


Please suggest, if need to add/modify any config/key.

Best Regards
Subrata Sarker

IT Connect Ltd.
cell:+8801747902663 

    On Monday, 1 October 2018, 9:02:53 am GMT+6, nog-request at bdnog.org <nog-request at bdnog.org> wrote:  
 
 Send nog mailing list submissions to
    nog at bdnog.org

To subscribe or unsubscribe via the World Wide Web, visit
    http://mailman.bdnog.org/mailman/listinfo/nog
or, via email, send a message with subject or body 'help' to
    nog-request at bdnog.org

You can reach the person managing the list at
    nog-owner at bdnog.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of nog digest..."


Today's Topics:

  1. Re: Board Approval of KSK Roll (GZ Kabir)


----------------------------------------------------------------------

Message: 1
Date: Mon, 1 Oct 2018 09:03:10 +0600
From: GZ Kabir <gzkabir at gmail.com>
To: Champika Wijayatunga <champika.wijayatunga at icann.org>,
    nog at bdnog.org
Subject: Re: [bdNOG] Board Approval of KSK Roll
Message-ID: <3317CA8B-0657-4528-B246-36F670F54481 at gmail.com>
Content-Type: text/plain; charset="utf-8"

Thanks Champ, here it goes,

Dear bdNOG Members,

Pls. be informed about the KSK rollover happening on 11th October, 2018. Pls. Go through the trailing mail of Champ.

Regards,

GZ Kabir



> On 1 Oct, 2018, at 7:25 AM, Champika Wijayatunga <champika.wijayatunga at icann.org> wrote:
> 
>  Hi Sumon Bhai and Kabir Bhai,
>  
> Hope all is well.
>  
> Just wanted to let you know that ICANN board has approved the KSK rollover and it will go as scheduled on 11thOctober 2018.
> https://www.icann.org/resources/press-material/release-2018-09-18-en <https://www.icann.org/resources/press-material/release-2018-09-18-en>
>  
> It would be good if you can share this announcement to BDNOG, BDIX and ISPAB community.
>  
> Thank you.
>  
> Best regards,
> Champ.
>  
>  
>  
> From: Sumon Ahmed Sabir <sumon at office.bdcom.com <mailto:sumon at office.bdcom.com>>
> Date: Friday, July 20, 2018 at 3:41 PM
> To: Champika Wijayatunga <champika.wijayatunga at icann.org <mailto:champika.wijayatunga at icann.org>>
> Cc: Gazi Zehadul Kabir <gzkabir at gmail.com <mailto:gzkabir at gmail.com>>, "gzkabir at bdcom.com <mailto:gzkabir at bdcom.com>" <gzkabir at bdcom.com <mailto:gzkabir at bdcom.com>>, Sumon Ahmed Sabir <sumon at fiberathome.net <mailto:sumon at fiberathome.net>>
> Subject: [Ext] Re: Awareness of KSK rollover date and request to IXP Admins
>  
> ? <>
> Dear Champ,
>  
> We will be happy to distribute it in our community and thanks for sharing.
>  
> As we know most of us(if not all) are very smart in BD and did not deployed complex DNS-SEC and very much relying on unsecured DNS systems, so not expecting any impact on ksk rollover.
>  
> But this message may also help as another awareness  for DNS-SEC deployment.
>  
>  
> Best regards,
>  
>  
> Sumon
>  
>  
> ?? ?????, ???? ?:?? am ?, "Champika Wijayatunga" <champika.wijayatunga at icann.org <mailto:champika.wijayatunga at icann.org>> ???????:
>>  
>> Hi Sumon Bhai and Kabir Bhai,
>>  
>> I?m reaching out to IXP Administrators like yourselves regarding the KSK rollover date of 11 October 2018. I?m appending a letter from ICANN CTO requesting your help to raise awareness amongst the BD IXP peering partners please. If you can share this with BDIX and BDNOG members that would be great.
>>  
>>  
>> ---<start of letter>---
>>  
>>  
>> Dear IXP Administrator,
>>  
>> The ICANN organization is requesting your help in a very important matter that could affect some of the operators that connect to your Internet exchange.
>>  
>> ICANN is undertaking a project to update the Internet's root zone DNSSEC ?key signing? key or KSK. The process, known as the KSK rollover, is described here:  https://www.icann.org/kskroll [icann.org] <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_kskroll&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=whMuiz76IxmdJbBnWNPuUwHRa_HmUhi8cbyjOVXXy4j6ajas1OsDbkyxUnub9MEs&m=71uXLQEE5h6QZIW5aaJIv57oCsRvyudkPPG53I0512Y&s=5o6XrVLFoU5X1g_pfY_RtgrvqEX4wOoKTTxTp-zIN30&e=>.  This project may have an operational impact on DNS resolution services if DNSSEC is deployed and offered by your members/customers.
>>  
>> The process to update the root zone?s KSK has been ongoing since 2015. Last year, ICANN paused this rollover project due to indications that some operators may not have been prepared for the change in keys despite the fact that we have presented to numerous network fora for several years, sought global trade press coverage and written to various government agencies. Even today, there is data suggesting that some operators will encounter trouble when the KSK is changed.  The data is available at http://root-trust-anchor-reports.research.icann.org [root-trust-anchor-reports.research.icann.org] <https://urldefense.proofpoint.com/v2/url?u=http-3A__root-2Dtrust-2Danchor-2Dreports.research.icann.org&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=whMuiz76IxmdJbBnWNPuUwHRa_HmUhi8cbyjOVXXy4j6ajas1OsDbkyxUnub9MEs&m=71uXLQEE5h6QZIW5aaJIv57oCsRvyudkPPG53I0512Y&s=V1-MzICDEMor9kabvG1nreyOWhFOVz3EJd1IwRqfgvc&e=>.
>>  
>> As part of an ongoing campaign to increase awareness of the KSK rollover and reach the resolver operators that are causing the announcements that suggest their resolvers are unprepared for the KSK rollover, we are now seeking your help. Despite our previous outreach, we need to make even greater efforts to reach operators of DNS servers, many of which are ISPs.
>>  
>> Specifically, the goal of our outreach is to call the attention of network operators to the information on this page:
>> https://www.icann.org/dns-resolvers-updating-latest-trust-anchor [icann.org] <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_dns-2Dresolvers-2Dupdating-2Dlatest-2Dtrust-2Danchor&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=whMuiz76IxmdJbBnWNPuUwHRa_HmUhi8cbyjOVXXy4j6ajas1OsDbkyxUnub9MEs&m=71uXLQEE5h6QZIW5aaJIv57oCsRvyudkPPG53I0512Y&s=jVHhVXRtwqbss2dGSftHL-Rn4X-U0lysknyRWiof3tE&e=>
>>  
>> We would appreciate your assistance and/or advice on contacting network operators that are connecting through your IXP.  We are willing to participate in any customer focused communications, supplying materials, media outreach or any other forms of communication deemed appropriate for an IXP and are willing to sign non-disclosure agreements should that be necessary.
>>  
>> Thank you for your assistance in this important matter.
>>  
>> Respectfully,
>> David Conrad
>> ICANN Chief Technology Officer
>>  
>> ---<end>----
>>  
>>  
>>  
>> Thank you.
>>  
>> Best regards,
>> Champika
>>  
>> ??????????????
>> Champika Wijayatunga
>> Security, Stability and Resiliency (SSR)
>> Regional SSR Engagement Manager - APAC
>> Internet Corporation for Assigned Names and Numbers (ICANN)
>> Email: <champika.wijayatunga at icann.org <mailto:champika.wijayatunga at icann.org>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20181001/4fad85e2/attachment.html>

------------------------------

_______________________________________________
nog mailing list
nog at bdnog.org
http://mailman.bdnog.org/mailman/listinfo/nog


End of nog Digest, Vol 59, Issue 1
**********************************
  _______________________________________________
nog mailing list
nog at bdnog.org
http://mailman.bdnog.org/mailman/listinfo/nog

  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20181006/12eb1656/attachment-0001.html>


More information about the nog mailing list