apologies for cross-posting...
On 4 February 2008, IANA will add AAAA records for the IPv6 addresses
of the four root servers whose operators have requested it. A
technical analysis of inserting IPv6 records into the root has been
done by a joint working group of ICANN's Root Server System Advisory
Committee and Security and Stability Advisory Committee, a report of
which can be found at http://www.icann.org/committees/security/
sac018.pdf. Network operators should take whatever steps they feel
appropriate to prepare for the inclusion of AAAA records in response
to root queries.
More information will be posted to the IANA web site during January.
Regards,
Barbara Roseman
IANA General OperationsManager
ICANN
Hello DISI
The zone ris.ripe.net is bogus. It appears that the DS RR doesn't
match the KSK DNSKEY RR. ripe.net is fine (with the newest trust
anchors). According to drill:
: gall@hadron[gall]; cat /tmp/ripe.key
ripe.net. IN DNSKEY 257 3 5 AwEAAZ+vLzvkn0wkjcSmpoZRIOU0Suaw1EegrH9T0vwGOG9EbdgBYs6p 1lyjy2aHfZ4EnhVVVsElpSMBFzKItwzJeR9jxZC23dHw57saKC6enu7K K0m3fUQagzHqcu5RKn/T+0w1Q51UTdsLiBfCpqzQ10+T1oRxCXYWOyIi jApUQCFvybf1U6S/7lOLagzzoSU6lzxcUivWxLEM0SbzYIoV1OWXIjnj X/7/ChvZPqr01iY9th4nXlK52Da0mPaPbunLF353s4LQ6CsmcFG3zCfg 6iYRugF/NE1uMbdpzsff7nV1/K4PdSJjLt/AKsofQbbca8zH6YEolTcA T8o18/H13jE=
: gall@hadron[gall]; drill -S -k /tmp/ripe.key ripe.net. soa | tail -5
DNSSEC Trust tree:
ripe.net. (SOA)
|---ripe.net. (DNSKEY keytag: 62805)
|---ripe.net. (DNSKEY keytag: 21238)
;; Chase successful
: gall@hadron[gall]; drill -S -k /tmp/ripe.key ris.ripe.net. soa | tail -5
ris.ripe.net. (SOA)
|---ris.ripe.net. (DNSKEY keytag: 51156)
|---ris.ripe.net. (DNSKEY keytag: 21022)
No trusted keys found in tree: first error was: No DNSSEC public key(s)
;; Chase failed.
The keytag of the DS record is 56179
: gall@hadron[unbound]; dig ris.ripe.net. ds +short
56179 5 1 B8F1169306DA0679416580D5AC3F43572B3318B6
--
Alex
