DNSKEY Validation
Mark Elkins
mje at posix.co.za
Sun Jul 12 18:42:27 UTC 2009
I'm writing some DNSKEY Verification code in PHP
If I am given ...
257 3 5 BQEAAAABoURzbExxQ7B7dwyYIxLKdCUWDrbvBsLOsDvKO2hmJdrzSYIV gd8m
+scQO2zD2U6Uw5cL7E+QRCJl48pcA+7k6uuTwSdS11CAR1MkvwC1
NDVmR6vHSp55qKIhov4QljLr66BAYT2K9o0O/+JBhimjAGQ+IUBFMmwB f5lk57YX9T8=
(a valid - I hope - dnskey for cozatest.co.za) - what validity tests can
I perform?
I know:
Arg 1 should be 257 - for a Domain KSK,
Arg 2 must be 3 (a throw-back)
Arg 3 should be 5 (or maybe 3) - the algorithm.
Can I glean a domain name out of the base-64 stuff - or anything else
useful - time stamps, etc?
Decoding it produced nothing exciting.
[echo base64_decode($str);]
Any other tools to validate it?
If I was instead just given a DS Key - how would I then get the
corresponding DNSKEY? - which ISC's DLV seems to be able to do.
--
. . ___. .__ Posix Systems - Sth Africa. e.164 VOIP ready
/| /| / /__ mje at posix.co.za - Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
More information about the bind-users
mailing list