> On Sat, 23 Aug 2008, Mark Andrews wrote: > > > > > On Fri, 22 Aug 2008, Mark Andrews wrote: > > > > David do you have a nameserver we can bounce queries off > > > > which has the root zone signed as it would be in production? > > > > > > VeriSign's root DNSSEC testbed is serving a root zone that is not > > > modified before signing. See http://webroot.verisignlabs.com and send > > > your DNS queries to root.verisignlabs.com. > > > > > > Matt > > > > root-servers.net needs to be configured on to this server. > > > > % dig ns . +dnssec +bufsize=1460 @root.verisignlabs.com +vc > > Done. > > Note that the root-servers.net zone as configured on > root.verisignlabs.com is not signed, since the root-servers.net zone > would not be signed, nor would it need to be, if the root were > signed.
We can argue about that. A second server with a signed root-servers.net would still be useful for testing as it will be signed one day. > Matt > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop The lowest two common EDNS buffer sizes are fine with this as it sets TC ([EMAIL PROTECTED]) or is complete ([EMAIL PROTECTED]). Mark ; <<>> DiG 9.3.4-P1 <<>> ns . +dnssec +bufsize=512 @root.verisignlabs.com +ignore ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58929 ;; flags: qr aa tc rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 518400 IN NS e.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS d.root-servers.net. . 518400 IN NS g.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS m.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS a.root-servers.net. ;; Query time: 235 msec ;; SERVER: 72.13.36.80#53(72.13.36.80) ;; WHEN: Wed Aug 27 10:57:27 2008 ;; MSG SIZE rcvd: 239 ; <<>> DiG 9.3.4-P1 <<>> ns . +dnssec +bufsize=1200 @root.verisignlabs.com +ignore ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24976 ;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 20 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 518400 IN NS e.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS d.root-servers.net. . 518400 IN NS m.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS g.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS a.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN RRSIG NS 5 0 518400 20080902070000 20080826060000 65403 . W/7EJgWMzUkiuqIme/xTs79GNoAUiz9LlK1F27YqBV9HJ9EYLtuQj7Ch wkbde8AcggQCP8BDPiCtZYg7+vu02n/Jrar+D3Sn8tKH38G/ImfPPDVT RKMadURlhzjnnzswZar7MaVewBQLel3CNC4QyI+IAkH86wiJ9gyVVQX8 bcyIFXpOseE9u+554xQxJCByyZ6eQkeLz/AKzST4Zgv+4bo9B7g+tvgY bIryeN+Bh2UukOE32F1nImXwyd0LtjE42qTYFONObb1945lPcGwmDyOa uvLgBOozpjUJ6iGyl4aZQIMSn/pLnBp57/w77eBsC3LWZxIUR9mGyYqY Py8UDw== ;; ADDITIONAL SECTION: a.root-servers.net. 3600000 IN A 198.41.0.4 a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30 b.root-servers.net. 3600000 IN A 192.228.79.201 c.root-servers.net. 3600000 IN A 192.33.4.12 d.root-servers.net. 3600000 IN A 128.8.10.90 e.root-servers.net. 3600000 IN A 192.203.230.10 f.root-servers.net. 3600000 IN A 192.5.5.241 f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f g.root-servers.net. 3600000 IN A 192.112.36.4 h.root-servers.net. 3600000 IN A 128.63.2.53 h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235 i.root-servers.net. 3600000 IN A 192.36.148.17 j.root-servers.net. 3600000 IN A 192.58.128.30 j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30 k.root-servers.net. 3600000 IN A 193.0.14.129 k.root-servers.net. 3600000 IN AAAA 2001:7fd::1 l.root-servers.net. 3600000 IN A 199.7.83.42 m.root-servers.net. 3600000 IN A 202.12.27.33 m.root-servers.net. 3600000 IN AAAA 2001:dc3::35 ;; Query time: 236 msec ;; SERVER: 72.13.36.80#53(72.13.36.80) ;; WHEN: Wed Aug 27 10:58:06 2008 ;; MSG SIZE rcvd: 901 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED] _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop