On Tue, 13 Jan 2015 00:48:26 +0000, Viktor Dukhovni stated:

> Example domain:
>
>     $ nss=$(dig +short -t ns medicaljournals.se)
>     $ mx=$(dig +short -t mx medicaljournals.se | sort -n | head -1 | awk '{print $NF}')
>
>     $ for ns in $nss; do echo "== $ns"; dig -4 +norecur +dnssec +noall \
>         +comment +ans +auth +nocl +nottl +nosplit -t tlsa _25._tcp.$mx @$ns; done | \
>         pcregrep -v '\.\s+RRSIG'
>     == atdns02.citynetwork.se.
>     ;; connection timed out; no servers could be reached
>     == atdns01.citynetwork.se.
>     ;; connection timed out; no servers could be reached
>     == atdns03.citynetwork.se.
>     ;; connection timed out; no servers could be reached
>
>     $ for ns in $nss; do echo "== $ns"; dig -6 +norecur +dnssec +noall \
>         +comment +ans +auth +nocl +nottl +nosplit -t tlsa _25._tcp.$mx @$ns; done | \
>         pcregrep -v '\.\s+RRSIG'
>     == atdns02.citynetwork.se.
>     ;; Got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4696
>     ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1
>
>     ;; OPT PSEUDOSECTION:
>     ; EDNS: version: 0, flags: do; udp: 2800
>     ;; AUTHORITY SECTION:
>     medicaljournals.se. SOA atdns01.citynetwork.se. registry.citynetwork.se. 1420675200 1200 180 1209600 1209600
>     9hp7v3agqdd1n34m5sn4cnjri5oluc50.medicaljournals.se. NSEC3 1 1 1 AB 9HP7V3AGQDD1N34M5SN4CNJRI5OLUC51 A AAAA RRSIG
>     j5smkk2av8iqv9eg775qcdieftl26ucq.medicaljournals.se. NSEC3 1 1 1 AB J5SMKK2AV8IQV9EG775QCDIEFTL26UCS
>     84tk4072dernts08eelfafnar8ecrdc5.medicaljournals.se. NSEC3 1 1 1 AB 84TK4072DERNTS08EELFAFNAR8ECRDC7
>
>     == atdns01.citynetwork.se.
>     ;; Got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53657
>     ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1
>
>     ;; OPT PSEUDOSECTION:
>     ; EDNS: version: 0, flags: do; udp: 2800
>     ;; AUTHORITY SECTION:
>     medicaljournals.se. SOA atdns01.citynetwork.se. registry.citynetwork.se. 1420675200 1200 180 1209600 1209600
>     9hp7v3agqdd1n34m5sn4cnjri5oluc50.medicaljournals.se. NSEC3 1 1 1 AB 9HP7V3AGQDD1N34M5SN4CNJRI5OLUC51 A AAAA RRSIG
>     j5smkk2av8iqv9eg775qcdieftl26ucq.medicaljournals.se. NSEC3 1 1 1 AB J5SMKK2AV8IQV9EG775QCDIEFTL26UCS
>     84tk4072dernts08eelfafnar8ecrdc5.medicaljournals.se. NSEC3 1 1 1 AB 84TK4072DERNTS08EELFAFNAR8ECRDC7
>
>     == atdns03.citynetwork.se.
>     ;; Got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17885
>     ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1
>
>     ;; OPT PSEUDOSECTION:
>     ; EDNS: version: 0, flags: do; udp: 2800
>     ;; AUTHORITY SECTION:
>     medicaljournals.se. SOA atdns01.citynetwork.se. registry.citynetwork.se. 1420675200 1200 180 1209600 1209600
>     9hp7v3agqdd1n34m5sn4cnjri5oluc50.medicaljournals.se. NSEC3 1 1 1 AB 9HP7V3AGQDD1N34M5SN4CNJRI5OLUC51 A AAAA RRSIG
>     j5smkk2av8iqv9eg775qcdieftl26ucq.medicaljournals.se. NSEC3 1 1 1 AB J5SMKK2AV8IQV9EG775QCDIEFTL26UCS
>     84tk4072dernts08eelfafnar8ecrdc5.medicaljournals.se. NSEC3 1 1 1 AB 84TK4072DERNTS08EELFAFNAR8ECRDC7
>
> With IPv4, TLSA queries time out. With IPv6, the same queries
> return NXDOMAIN, as the TLSA records don't exist. This particular
> DNS operator has been notified, and a ticket is open, but resolution
> is taking quite some time.
Viktor, is there any way you could translate that so it could be used with "drill" instead of "dig"? If not, I will just keep trying to do it myself. Thanks!
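The per-nameserver TLSA probe from the quoted message, reimplemented as an added example (mine, not code from Viktor or anyone on the thread) using only Python's standard library, so it does not depend on dig, drill or dnspython. It hand-builds the same kind of packet that dig sends with +norecur +dnssec (RD clear, EDNS0 OPT with the DO bit), sends it to each authoritative server over IPv4 and IPv6 separately, and flags servers whose two outcomes differ. The owner name _25._tcp.mx.example, the query= injection hook and the command-line usage are my assumptions; resolving the NS and MX names (the dig +short steps in the quote) is left to the caller.

```python
"""Probe every authoritative name server for a TLSA record over IPv4 and
IPv6 separately and report servers whose answers depend on the transport.
Added example, standard library only; packets are built by hand."""
import socket
import struct
import sys

QTYPE_TLSA = 52
QTYPE_OPT = 41
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(qname, qtype=QTYPE_TLSA, txid=0x1234, udp_size=1232):
    """Wire-format query: 12-byte header, one question, one OPT record."""
    # flags 0x0000: QR=0 (query), RD=0 (like dig +norecur); ARCOUNT=1 for OPT
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 1)
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root owner, type 41, CLASS = UDP payload size,
    # TTL = ext-rcode(8) | version(8) | flags(16) with DO = 0x8000, RDLENGTH 0
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, udp_size, 0x00008000, 0)
    return header + question + opt


def parse_response(packet, txid):
    """Return (rcode_name, answer_count) from a raw response header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    return RCODE_NAMES.get(rcode, "RCODE%d" % rcode), an


def query_server(qname, server_ip, family, timeout=3.0, txid=0x1234):
    """One UDP query over the given address family (AF_INET or AF_INET6).
    Returns 'TIMEOUT' or '<RCODE>/<answer count>', e.g. 'NXDOMAIN/0'."""
    sock = socket.socket(family, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(qname, txid=txid), (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return "TIMEOUT"
    finally:
        sock.close()
    rcode, answers = parse_response(data, txid)
    return "%s/%d" % (rcode, answers)


def probe_all(qname, nameservers, query=query_server):
    """Query every name server over v4 and v6; keys are (ns, 'v4'|'v6')."""
    results = {}
    for ns in nameservers:
        for family, label in ((socket.AF_INET, "v4"), (socket.AF_INET6, "v6")):
            try:
                addrs = socket.getaddrinfo(ns, 53, family, socket.SOCK_DGRAM)
            except socket.gaierror:
                results[(ns, label)] = "NOADDR"  # server has no address of this family
                continue
            results[(ns, label)] = query(qname, addrs[0][4][0], family)
    return results


def inconsistent_servers(results):
    """Servers whose IPv4 and IPv6 outcomes differ. A TIMEOUT is a lookup
    failure (the client learns nothing about TLSA), while NXDOMAIN is a
    definite, DNSSEC-provable 'no such record'; one answer per transport
    is exactly the condition the quoted dig transcripts show."""
    bad = {}
    for ns in {ns for ns, _ in results}:
        v4, v6 = results.get((ns, "v4")), results.get((ns, "v6"))
        if v4 != v6:
            bad[ns] = (v4, v6)
    return bad


if __name__ == "__main__":
    # usage: python tlsa_probe.py <mx-host> <ns1> [<ns2> ...]   (assumed CLI)
    owner = "_25._tcp." + sys.argv[1].rstrip(".")
    found = probe_all(owner, sys.argv[2:])
    for key in sorted(found):
        print("%-32s %s %s" % (key[0], key[1], found[key]))
    for ns, (v4, v6) in sorted(inconsistent_servers(found).items()):
        print("INCONSISTENT %s: IPv4=%s IPv6=%s" % (ns, v4, v6))
```

The point of comparing the two families per server rather than eyeballing two transcripts is that the outcomes are not interchangeable: the NXDOMAIN in the IPv6 run comes with NSEC3 records proving the name does not exist, whereas the IPv4 timeout proves nothing, so a DANE-aware client reaching the same server over different transports gets a verifiable denial in one case and a bare failure in the other.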