[Dnsmasq-discuss] dnskey

e9hack e9hack at gmail.com
Wed Jan 29 19:30:43 GMT 2014


How must I define a dnskey? Help shows:
--dnskey=<domain>,<algo>,<key>      Specify trust anchor DNSKEY

I retrieve the trust anchor DNSKEY for the de zone with dig +multiline de dnskey

; <<>> DiG 9.7.6-P4 <<>> +multiline de dnskey
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29712
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;de.			IN DNSKEY

;; ANSWER SECTION:
de.			835 IN DNSKEY 256 3 8 (
				AwEAAZ3qQoezSnp7jBTIOEp7FGWi7ONawnSRKH+YKCIN
				2lfos1JTOA4+3tEKaJ8RJ2PYExqsQqvD/JpMAmD26BrM
				UGUm4CXvbDy3bHcTP4dEuDCehZEbjDZIrK5zBaueS8qA
				5rnLbe9s/mFxexIiXl8FaCLeXqxWI6S0F5uJYOKqBxAF
				) ; key id = 60408
de.			835 IN DNSKEY 257 3 8 (
				AwEAAYbcKo2IA8l6arSIiSC+l97v2vgNXrxjBJK+XkX5
				FYMPDfr2QgtUMHfjLPfMKiSxEXT0uL+SucI1ohv5I0C/
				pgz9e9NFDhMCpHLPA5s9LIzQMHEs7Y+idlsRnBKe9Kw/
				B1RxzSZKxMd8UyAeA6j0vlZIKrokc1nr4ouvDhoYR3JD
				d7vCcvV08EIuaPgL0ijUYk071OOjRFG+waRZnVPAwFZs
				gDIgBJqDl/nRVRBI8k3YFVPka6Rls/EIDYloqG+X5VZC
				/VXbBb7fams8misz3MsLeVy/fiH0j8SJMAZSbQxqo+/z
				WUJogl4Tyb5TbT1LRTfbyxII2zQ/ATXocWOohSU=
				) ; key id = 24220

;; Query time: 14 msec
;; SERVER: 192.168.101.1#53(192.168.101.1)
;; WHEN: Wed Jan 29 19:21:18 2014
;; MSG SIZE  rcvd: 444

The second key is the trust anchor DNSKEY, right?

If I set something like this:
--dnskey=de,8,AwEAAYbcKo2IA8l6arSIiSC+l97v2vgNXrxjBJK+XkX5FYMPDfr2QgtUMHfjLPfMKiSxEXT0uL+SucI1ohv5I0C/pgz9e9NFDhMCpHLPA5s9LIzQMHEs7Y+idlsRnBKe9Kw/B1RxzSZKxMd8UyAeA6j0vlZIKrokc1nr4ouvDhoYR3JDd7vCcvV08EIuaPgL0ijUYk071OOjRFG+waRZnVPAwFZsgDIgBJqDl/nRVRBI8k3YFVPka6Rls/EIDYloqG+X5VZC/VXbBb7fams8misz3MsLeVy/fiH0j8SJMAZSbQxqo+/zWUJogl4Tyb5TbT1LRTfbyxII2zQ/ATXocWOohSU=

I get the error 'bad DNSKEY'.

Regards,
Hartmut




More information about the Dnsmasq-discuss mailing list