DNSSEC – WindowsTechs.com

Since the DS recordset contains all of the child’s Key Signing Key, wouldn’t the DS recordset be massive and difficult to load for verification?

Posted on April 10, 2023 by xenon

I’m learning about DNSSEC today but I don’t quite understand about how a parent zone would store all of its child’s Key Signing Keys (DNSKEY 257) in its DS record set.
As far as I understand, if I have a subdomain, say, subdomain.icann.org… Continue reading Since the DS recordset contains all of the child’s Key Signing Key, wouldn’t the DS recordset be massive and difficult to load for verification?→

How can I validate the root DNS key-signing-key on the command line?

Posted on March 14, 2023 by merlin2011

Consider the following dig command and its truncated output:
dig . dnskey +dnssec +multi @a.root-servers.net
…
…
;; ANSWER SECTION:
. 172800 IN DNSKEY 257 3 8 (
AwEAAaz/tAm8yTn4Mfeh… Continue reading How can I validate the root DNS key-signing-key on the command line?→

DNSSEC Client Validation – The Last Mile in DNSSEC

Posted on February 20, 2023 by joker

When a Windows computer wants to resolve a domain name, it offloads the request to a DNS resolver and tells the resolver that it wants to resolve with DNSSEC (by setting the ‘DO’ bit in the query). The DNS resolver will use DNSSEC and will… Continue reading DNSSEC Client Validation – The Last Mile in DNSSEC→

Secure DNS (DoH, DoT) differences, performance, comparison

Posted on January 5, 2023 by Vlastimil Burián

I am reading up on secure DNS (DoH, DoT) and trying to identify its differences. Currently, I am on https://www.cloudflare.com/learning/dns/dns-over-tls/ page.

Is there for example some non-negligible performance hit between those two?
I… Continue reading Secure DNS (DoH, DoT) differences, performance, comparison→

How to set up DNS encryption on my home router? [migrated]

Posted on November 22, 2022 by forestsounds89

I set up OpenWRT on my Belkin RT3200 and I want to have quad9 encrypted DNS with dnssec and Secure SNI, but I could not figure out how to set up DNScrypt correctly on my router and I’m not sure if that’s the best method.
I’d like to avoid … Continue reading How to set up DNS encryption on my home router? [migrated]→

How to properly handle DNSKEY delegation across DNS zones?

Posted on August 22, 2022 by Rix

I’m trying to implement a toy project DNSSEC supported DNS resolver to learn about both DNS and DNSSEC.
Most of my implementation are finished. But for some domains it’s not working correctly, and I noticed some differences when comparing … Continue reading How to properly handle DNSKEY delegation across DNS zones?→

How to identify a name server that does not have DNSSEC implemented?

Posted on July 31, 2022 by Syskey Whiskey

I tried dig +dnssec dig [domain name] +dnssec +short. Is RRSIG the only attribute to confirm if a name server has DNSSEC implemented or not? How do I identify a name server that has no DNSSEC implemented?
Also, what tools can I use to test… Continue reading How to identify a name server that does not have DNSSEC implemented?→

Is Anonymized DNSCrypt over Tor a better alternative to having Doh+ECH?

Posted on July 19, 2022 by Elias

I use dnscrypt-proxy’s anonymized DNScrypt with multiple relays, force it all to use TCP, route them over Tor.
does this prevent my ISP or anyone in my country to see my DNS queries and client hellos when connecting to websites and servers… Continue reading Is Anonymized DNSCrypt over Tor a better alternative to having Doh+ECH?→

Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?

Posted on July 6, 2022 by New Alexandria

First, I can update this with the affected domain, if it’s critical, but for obvious reasons I’d like not to be the target of more problems.
Someone registered some CAA records for my domain.
I have full control of all related accounts: Re… Continue reading Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?→

Power Shell or .Net library to check if DNSSEC is setup for a domain [closed]

Posted on May 30, 2022 by TEST tEsT

I am building an application in ASP.NET core MVC which allow users to enter a domain name and click submit >> then the application should check if DNSSEC is setup for a domain >> update the database accordingly.
So is there a …. Continue reading Power Shell or .Net library to check if DNSSEC is setup for a domain [closed]→