[Dnssec-trigger] dnssec-trigger release 0.6
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Fri Oct 21 15:09:23 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Phil,
On 10/21/2011 04:34 PM, Phil Regnauld wrote:
> W.C.A. Wijngaards (wouter) writes:
>>> Can we get an option to specify the port 80/443 fallback server? :)
>>
>> It exists:
>> tcp80: <IP>
>> tcp443: <IP>
>> in dnssec-trigger.conf adds more entries. Just add more of these lines
>> to enable more servers. The nlnetlabs server is there as a start (you
>> can remove the lines with .42 in them to disable if you do not want to
>> send queries to nlnetlabs).
>
> How to deal with a network that will allow tcp/53, but actually
> filter DNS on TCP 80/443 ?
>
> Would it be an idea to have a more generic mechanism for specifying
> the port ? It doesn't like tcp53: :)
Can you try a number of probe digs?
dig @192.5.5.241 (f-root server over UDP).
dig @192.5.5.241 +vc (f-root over TCP)
dig @213.154.224.42 +vc -p 80 (port80 over TCP)
dig @213.154.224.42 +vc -p 443 (port443 over TCP)
dig @213.154.224.42 +vc (port53 over TCP)
Can you do https://www.nlnetlabs.nl? We have a cert from CAcert, if you
can get that, then presumably DANE could work over port443.
And which ones work (if they all do, its a transparent proxy somehow,
try +dnssec and so on).
It would be interesting to see what sort of proxy this is :-)
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJOoYsjAAoJEJ9vHC1+BF+NlM4P/RZG7Al+UdrjUH8ShVTgSYQ9
1MBEZvYPqjEoWOFM3XKGHvxeEaKN4gYBfGhq+CggRhvt8/4OeY9LY1BoU68EDVgO
7OIIMoMOh+lPiubp9gV1Uhtxi38hVj9K0t3SAtWM4cm2rAuH/iO5iy4NP87/Vu9a
XWtvbE/NtIz8fpba0kuF+zItja34lV49bMR4FZRmMy44kXcdAGnyKUTkD8ZKULym
Si3OZgZyIlE4kcZej1HTO9Ss0d5cG7k69sUniUlI0DOShkhNOCl3EsBnG4+BNsYN
bPFzxuMiqPwfwS81caQLygkNsjy8h8GF+q8VSC7dRIlWpolexJ+lxb/t+1elUzHt
xdWjI2SfbTv+2/WYtAxMq50cmpdtdBDUT+R9kkMvDu0yizTIa+qlRdUZ+XOFqVki
/dHyI384kRC1+NxkkahTWzPVrBTHOIzF7tpWHGC2oUlDIImsjiIK1Wei/blMymzU
uKrusCgvwhdyLcJW1nglG7JOfKqFimZeOe3oWWxpAiTUMfunZR5Yqg/ON2OXOlit
0IcCQY2oQsH1s9efoINZu6jYLZ+rKvA1/rfm2H00U42igWAiczF+vpdTpIkNcR2X
pULjtezLRoYRGL+ySD+IzCBR2Hr/3tbfJv9Er+XdeSsM9mvasLnIl0KC4dA7XAdB
rsdh/g2b64Wv11VHIyK7
=bHGH
-----END PGP SIGNATURE-----
More information about the dnssec-trigger
mailing list