Difference between revisions of "DNSSEC"

From Hack Sphere Labs Wiki
Jump to: navigation, search
Line 6: Line 6:
  
 
google.com has no DNSSEC on the domain
 
google.com has no DNSSEC on the domain
 +
 +
<pre>
 +
dig +dnssec google.com
 +
 +
; <<>> DiG 9.6.2-P2 <<>> +dnssec google.com
 +
;; global options: +cmd
 +
;; Got answer:
 +
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30351
 +
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 5
 +
 +
;; OPT PSEUDOSECTION:
 +
; EDNS: version: 0, flags: do; udp: 4096
 +
;; QUESTION SECTION:
 +
;google.com. IN A
 +
 +
;; ANSWER SECTION:
 +
google.com. 225 IN A 74.125.65.99
 +
google.com. 225 IN A 74.125.65.104
 +
google.com. 225 IN A 74.125.65.147
 +
google.com. 225 IN A 74.125.65.103
 +
google.com. 225 IN A 74.125.65.106
 +
google.com. 225 IN A 74.125.65.105
 +
 +
;; AUTHORITY SECTION:
 +
google.com. 93256 IN NS ns3.google.com.
 +
google.com. 93256 IN NS ns1.google.com.
 +
google.com. 93256 IN NS ns4.google.com.
 +
google.com. 93256 IN NS ns2.google.com.
 +
 +
;; ADDITIONAL SECTION:
 +
ns2.google.com. 282102 IN A 216.239.34.10
 +
ns4.google.com. 277770 IN A 216.239.38.10
 +
ns3.google.com. 266056 IN A 216.239.36.10
 +
ns1.google.com. 266056 IN A 216.239.32.10
 +
 +
;; Query time: 25 msec
 +
;; SERVER: 66.0.32.14#53(66.0.32.14)
 +
;; WHEN: Sat Dec 10 14:06:04 2011
 +
;; MSG SIZE  rcvd: 271
 +
</pre>
  
 
upenn.edu does
 
upenn.edu does

Revision as of 12:07, 10 December 2011

dig @dnsserver domain.tld +dnssec

No authoritative dnssec response means no DNSSEC employed at domain. You will see the keys.

IE

google.com has no DNSSEC on the domain 

dig +dnssec google.com

; <<>> DiG 9.6.2-P2 <<>> +dnssec google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30351
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		225	IN	A	74.125.65.99
google.com.		225	IN	A	74.125.65.104
google.com.		225	IN	A	74.125.65.147
google.com.		225	IN	A	74.125.65.103
google.com.		225	IN	A	74.125.65.106
google.com.		225	IN	A	74.125.65.105

;; AUTHORITY SECTION:
google.com.		93256	IN	NS	ns3.google.com.
google.com.		93256	IN	NS	ns1.google.com.
google.com.		93256	IN	NS	ns4.google.com.
google.com.		93256	IN	NS	ns2.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.		282102	IN	A	216.239.34.10
ns4.google.com.		277770	IN	A	216.239.38.10
ns3.google.com.		266056	IN	A	216.239.36.10
ns1.google.com.		266056	IN	A	216.239.32.10

;; Query time: 25 msec
;; SERVER: 66.0.32.14#53(66.0.32.14)
;; WHEN: Sat Dec 10 14:06:04 2011
;; MSG SIZE  rcvd: 271

upenn.edu does 

dig +dnssec upenn.edu

; <<>> DiG 9.6.2-P2 <<>> +dnssec upenn.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29811
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;upenn.edu.			IN	A

;; AUTHORITY SECTION:
upenn.edu.		1251	IN	SOA	assailants.net.isc.upenn.edu. hostmaster.upenn.edu. 1002092872 10800 3600 604800 3600
upenn.edu.		1251	IN	RRSIG	SOA 5 2 3600 20120109192746 20111210182746 50475 upenn.edu. 09b8/qJl2E4O5gc63BRRCFrDzPLvwaZv+zPYUdWoFTNdZ8BoRbAtto+x BGAQOgPlVhWC8vIozWmed3J4KG74BcY1B4WaD+laiNg3rzKm2yBVorwC JXHyWIksF3/6uLeHWKf7w0DocYAtL5B8KtUuCjdRKN71qua/HqgHvGni 2u0=
upenn.edu.		1251	IN	NSEC	_kerberos.upenn.edu. NS SOA MX RRSIG NSEC DNSKEY TYPE65534
upenn.edu.		1251	IN	RRSIG	NSEC 5 2 3600 20111225082135 20111125080254 50475 upenn.edu. LOlp2Zajrztv0rgpWPMdKsfZzdC74ovhHDiwRg1xm7P9yIXaoZCdw8s0 R/E5iEhQTXevOklrlJj4AOBqXlKW5/2coMto8eO/ryobX+qglRv8SHoB q9xHFDEVxgRZZyEnX8QTIr+SFtLKJy+D1HKR2hMBwkq4nUCl17diOXE2 vIo=

;; Query time: 24 msec
;; SERVER: 66.0.32.14#53(66.0.32.14)
;; WHEN: Sat Dec 10 14:05:24 2011
;; MSG SIZE  rcvd: 518
Retrieved from "https://wiki.hackspherelabs.com/index.php?title=DNSSEC&oldid=302"