Date: 19 Apr 2010 12:18:06 -0400
From: "John R. Levine"
To: "krad"
Cc: freebsd-questions@freebsd.org
Subject: Re: DJB and root ns server dnssec signing

> ok this is the bit that worries me

That looks perfectly normal, since .museum is a TLD and doesn't have an A
record.  Try about.museum, which has these records in the TLD's zone file:

about.museum.   86400   IN   NS      nic.frd.se.
about.museum.   86400   IN   NS      nic.museum.
about.museum.   3600    IN   NSEC    academy.museum. NS RRSIG NSEC
about.museum.   3600    IN   RRSIG   NSEC 5 2 3600 20100514183858 20100414183858 1290 museum.
                                     nuT/EvDH+akM3yzOLX3eNwMLsUpwOCoNWBl9HSqFZm1JqiGWOEw0/Bdl
                                     JgZkFOE648z8/scupZw6iRrh4tFLUQci8o4o09MvN88TI+rDpDLOFYy1
                                     DbqKYp2OSaKEUju9MBhDPdAEmZKFLw1nckg2ZQ4s3BeWoOEvgxcS2lqy
                                     U+Y=

>
> Bind server on public ip (not firewalled)
>
> # /usr/local/bind-9.7.0-P1/bin/dig @127.0.0.1 museum
>
> ; <<>> DiG 9.7.0-P1 <<>> @127.0.0.1 museum
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33867
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;museum.                        IN      A
>
> ;; AUTHORITY SECTION:
> museum.         3485    IN      SOA     nic.museum. hostmaster.nic.museum.
> 2010041637 28800 7200 1209600 3600
>
> ;; Query time: 3 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Apr 19 16:51:17 2010
> ;; MSG SIZE  rcvd: 75
>
>
> querying the djb public server
>
>
> # /usr/local/bind-9.7.0-P1/bin/dig @djbcache museum
>
> ; <<>> DiG 9.7.0-P1 <<>> @mk-cache-7.ns.uk.tiscali.com museum
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10827
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;museum.                        IN      A
>
> ;; Query time: 1 msec
> ;; SERVER: 212.139.132.43#53(212.139.132.43)
> ;; WHEN: Mon Apr 19 16:52:01 2010
> ;; MSG SIZE  rcvd: 24
>

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
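
Added example, not part of the original message: both dig replies quoted above are NOERROR with an empty answer section (NODATA in RFC 2308 terms) and differ only in whether an SOA is returned in the authority section. The Python below classifies such replies; the sample text is constructed from the quoted output and the function name classify is hypothetical.

```python
import re

# Constructed samples: header and section lines of the two dig replies
# quoted in the message (local BIND first, then the other cache).
BIND_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33867
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;museum.                        IN      A

;; AUTHORITY SECTION:
museum.  3485  IN  SOA  nic.museum. hostmaster.nic.museum. 2010041637 28800 7200 1209600 3600
"""

OTHER_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10827
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;museum.                        IN      A
"""

def classify(dig_text):
    """Return (kind, negative_cache_ttl) for one dig reply (hypothetical helper)."""
    status = re.search(r"status: (\w+)", dig_text).group(1)
    answers = int(re.search(r"ANSWER: (\d+)", dig_text).group(1))
    auth, section = [], None
    for line in dig_text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif section == "AUTHORITY" and line and not line.startswith(";"):
            auth.append(line.split())  # owner, TTL, class, type, rdata...
    soa = next((r for r in auth if r[3] == "SOA"), None)
    # RFC 2308: negative-cache TTL = min(TTL of the SOA record, SOA MINIMUM field)
    neg_ttl = min(int(soa[1]), int(soa[-1])) if soa else None
    if status == "NXDOMAIN":
        return "NXDOMAIN", neg_ttl
    if status == "NOERROR" and answers == 0:
        # NS without SOA in the authority section is a referral, not NODATA
        if any(r[3] == "NS" for r in auth) and not soa:
            return "REFERRAL", None
        return "NODATA", neg_ttl
    return ("ANSWER" if answers else status), None

if __name__ == "__main__":
    print(classify(BIND_REPLY), classify(OTHER_REPLY))
```

A NODATA reply without an SOA gives a downstream resolver no TTL for caching the negative answer, which is the only difference between the two replies here.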