Getting RRSIG records when do bit is set
Hello, When I set the do bit in dig, I get back RRSIG records associated with the Query Type, but I don’t get the RRSIGs when I create a measurement with do bit set in Ripe Atlas. Can I replicate the same behavior in RIPE atlas? Thanks
On 2021/07/06 3:41 , pravicha wrote:
When I set the do bit in dig, I get back RRSIG records associated with the Query Type, but I don’t get the RRSIGs when I create a measurement with do bit set in Ripe Atlas. Can I replicate the same behavior in RIPE atlas?
Hi, Can you give a measurement ID that didn't work as expected? Philip
Hello Philip, The measurement ID is 31426231. I query for DNSKEY records, have the do bit set in this and yet don’t get back the RRSIGs. Thanks
On Jul 6, 2021, at 5:25 AM, Philip Homburg <philip.homburg@ripe.net> wrote:
On 2021/07/06 3:41 , pravicha wrote:
When I set the do bit in dig, I get back RRSIG records associated with the Query Type, but I don’t get the RRSIGs when I create a measurement with do bit set in Ripe Atlas. Can I replicate the same behavior in RIPE atlas?
Hi,
Can you give a measurement ID that didn't work as expected?
Philip
On 2021/07/06 16:18 , pravicha wrote:
The measurement ID is 31426231. I query for DNSKEY records, have the do bit set in this and yet don’t get back the RRSIGs.
Hi, DNSSEC OK flag is false in this measurement. See https://atlas.ripe.net/measurements/31426231/#general and then 'DNS Specific Settings'. Maybe something went wrong in the creation of the measurement. What tool did you use? Philip
Hello, Thank you for the quick response. I created the measurement on RIPE atlas portal. Please find the below image for reference, every time I check the Set DO bit field. I’ve also used the Rest API and the measurement looks like this, "af": 4, "query_class": "IN", "query_type": "RRSIG", "query_argument": "example.com<http://example.com>", "use_macros": false, "description": "DNS measurement to", "use_probe_resolver": true, "resolve_on_probe": false, "set_nsid_bit": false, "protocol": "UDP", "udp_payload_size": 512, "retry": 0, "skip_dns_check": false, "include_qbuf": false, "include_abuf": true, "prepend_probe_id": false, "set_rd_bit": false, "set_do_bit": true, "set_cd_bit": false, "timeout": 5000, "type": "dns" [cid:A4892F22-405F-478C-9630-C487C5955BB8] Thanks On Jul 6, 2021, at 10:59 AM, Philip Homburg <philip.homburg@ripe.net<mailto:philip.homburg@ripe.net>> wrote: On 2021/07/06 16:18 , pravicha wrote: The measurement ID is 31426231. I query for DNSKEY records, have the do bit set in this and yet don’t get back the RRSIGs. Hi, DNSSEC OK flag is false in this measurement. See https://atlas.ripe.net/measurements/31426231/#general and then 'DNS Specific Settings'. Maybe something went wrong in the creation of the measurement. What tool did you use? Philip
Sorry the API would look like the one below, with DNSKEY, not RRSIG { "af": 4, "query_class": "IN", "query_type": "DNSKEY", "query_argument": "example.com<http://example.com>", "use_macros": false, "description": "DNS measurement to", "use_probe_resolver": true, "resolve_on_probe": false, "set_nsid_bit": false, "protocol": "UDP", "udp_payload_size": 512, "retry": 0, "skip_dns_check": false, "include_qbuf": false, "include_abuf": true, "prepend_probe_id": false, "set_rd_bit": false, "set_do_bit": true, "set_cd_bit": false, "timeout": 5000, "type": "dns" } On Jul 6, 2021, at 11:04 AM, pravicha <pravicha@masonlive.gmu.edu<mailto:pravicha@masonlive.gmu.edu>> wrote: Hello, Thank you for the quick response. I created the measurement on RIPE atlas portal. Please find the below image for reference, every time I check the Set DO bit field. I’ve also used the Rest API and the measurement looks like this, "af": 4, "query_class": "IN", "query_type": "RRSIG", "query_argument": "example.com<http://example.com/>", "use_macros": false, "description": "DNS measurement to", "use_probe_resolver": true, "resolve_on_probe": false, "set_nsid_bit": false, "protocol": "UDP", "udp_payload_size": 512, "retry": 0, "skip_dns_check": false, "include_qbuf": false, "include_abuf": true, "prepend_probe_id": false, "set_rd_bit": false, "set_do_bit": true, "set_cd_bit": false, "timeout": 5000, "type": "dns" <PastedGraphic-1.png> Thanks On Jul 6, 2021, at 10:59 AM, Philip Homburg <philip.homburg@ripe.net<mailto:philip.homburg@ripe.net>> wrote: On 2021/07/06 16:18 , pravicha wrote: The measurement ID is 31426231. I query for DNSKEY records, have the do bit set in this and yet don’t get back the RRSIGs. Hi, DNSSEC OK flag is false in this measurement. See https://atlas.ripe.net/measurements/31426231/#general and then 'DNS Specific Settings'. Maybe something went wrong in the creation of the measurement. What tool did you use? Philip
This is another measurement, which has the do bit set, 31426253. On Jul 6, 2021, at 11:06 AM, pravicha <pravicha@masonlive.gmu.edu<mailto:pravicha@masonlive.gmu.edu>> wrote: Sorry the API would look like the one below, with DNSKEY, not RRSIG { "af": 4, "query_class": "IN", "query_type": "DNSKEY", "query_argument": "example.com<http://example.com/>", "use_macros": false, "description": "DNS measurement to", "use_probe_resolver": true, "resolve_on_probe": false, "set_nsid_bit": false, "protocol": "UDP", "udp_payload_size": 512, "retry": 0, "skip_dns_check": false, "include_qbuf": false, "include_abuf": true, "prepend_probe_id": false, "set_rd_bit": false, "set_do_bit": true, "set_cd_bit": false, "timeout": 5000, "type": "dns" } On Jul 6, 2021, at 11:04 AM, pravicha <pravicha@masonlive.gmu.edu<mailto:pravicha@masonlive.gmu.edu>> wrote: Hello, Thank you for the quick response. I created the measurement on RIPE atlas portal. Please find the below image for reference, every time I check the Set DO bit field. I’ve also used the Rest API and the measurement looks like this, "af": 4, "query_class": "IN", "query_type": "RRSIG", "query_argument": "example.com<http://example.com/>", "use_macros": false, "description": "DNS measurement to", "use_probe_resolver": true, "resolve_on_probe": false, "set_nsid_bit": false, "protocol": "UDP", "udp_payload_size": 512, "retry": 0, "skip_dns_check": false, "include_qbuf": false, "include_abuf": true, "prepend_probe_id": false, "set_rd_bit": false, "set_do_bit": true, "set_cd_bit": false, "timeout": 5000, "type": "dns" <PastedGraphic-1.png> Thanks On Jul 6, 2021, at 10:59 AM, Philip Homburg <philip.homburg@ripe.net<mailto:philip.homburg@ripe.net>> wrote: On 2021/07/06 16:18 , pravicha wrote: The measurement ID is 31426231. I query for DNSKEY records, have the do bit set in this and yet don’t get back the RRSIGs. Hi, DNSSEC OK flag is false in this measurement. See https://atlas.ripe.net/measurements/31426231/#general and then 'DNS Specific Settings'. Maybe something went wrong in the creation of the measurement. What tool did you use? Philip
On 2021/07/06 17:21 , pravicha wrote:
This is another measurement, which has the do bit set, 31426253.
This one does indeed have the DO flag set. Where it goes wrong is that Atlas DNS measurements default to a UDP buffer size of 512 octets. The result that comes back is truncated. In measurement 31428793, I set the buffer to 2048. Philip
Thank you so much. I didn’t realise this. Thanks
On Jul 6, 2021, at 12:17 PM, Philip Homburg <philip.homburg@ripe.net> wrote:
On 2021/07/06 17:21 , pravicha wrote:
This is another measurement, which has the do bit set, 31426253.
This one does indeed have the DO flag set.
Where it goes wrong is that Atlas DNS measurements default to a UDP buffer size of 512 octets. The result that comes back is truncated.
In measurement 31428793, I set the buffer to 2048.
Philip
participants (2)
-
Philip Homburg -
pravicha