[Internet-e-architetture-di-rete] more on resolvers and authoritative servers

Mauro Angiolillo m.angiolillo at comuneap.gov.it
Tue May 17 12:32:23 CEST 2016


Good morning, professor,

> so do not delay, and send in your answers as soon as possible
Delay?!?! Never!



---+-----------------------------------------------------+
Q1. | what is the IN MX RR for the domain name gnu.org.?

I query the resolver configured on my system:
[morpheus at ultron:~] dig gnu.org IN MX +short
10 eggs.gnu.org.

then, to confirm, I query Google's public resolver
[morpheus at ultron:~] dig @8.8.8.8 gnu.org IN MX +short
10 eggs.gnu.org.

in addition, I could ask the zone's primary authoritative server directly
[morpheus at ultron:~] dig @$(dig gnu.org. IN SOA +short | awk '{ print $1 }') gnu.org. IN MX +short
10 eggs.gnu.org.


---+-----------------------------------------------------+
Q2. | what is the IN AAAA RR of $1?

[morpheus at ultron:~] dig $(dig gnu.org IN MX +short | awk '{ print $2}') IN AAAA +short
2001:4830:134:3::10

---+-----------------------------------------------------+
Q3. | what is the IN PTR RR of $2?

[morpheus at ultron:~] dig -x $(dig $(dig gnu.org IN MX +short | awk '{ print $2}') IN AAAA +short) +short
eggs.gnu.org.

---+-----------------------------------------------------+
Q4. | what is an IN NS RR of com.?

I pick one of the following (for example k)
[morpheus at ultron:~] dig com. IN NS +short
g.gtld-servers.net.
l.gtld-servers.net.
j.gtld-servers.net.
h.gtld-servers.net.
m.gtld-servers.net.
k.gtld-servers.net.
f.gtld-servers.net.
e.gtld-servers.net.
c.gtld-servers.net.
i.gtld-servers.net.
d.gtld-servers.net.
b.gtld-servers.net.
a.gtld-servers.net.


or, for simplicity, I choose the primary authoritative server declared in the SOA record
[morpheus at ultron:~] dig com. IN SOA +short | awk '{ print $1 }'
a.gtld-servers.net.

---+-----------------------------------------------------+
Q5. | what is the IN A RR of $4?

[morpheus at ultron:~] dig $(dig com. IN SOA +short | awk '{ print $1 }') IN A +short
192.5.6.30


---+-----------------------------------------------------+
Q6. | what is the IN PTR RR of $5?

[morpheus at ultron:~] dig -x $(dig $(dig com. IN SOA +short | awk '{ print $1 }') IN A +short) +short
a.gtld-servers.net.

---+-----------------------------------------------------+
Q7. | what is the IN PTR RR of 114.19.0.193.in-addr.arpa.?

[morpheus at ultron:~] dig 114.19.0.193.in-addr.arpa. IN PTR +short
mahimahi.ripe.net.

---+-----------------------------------------------------+
Q8. | what is the in-addr.arpa. domain for 127.0.0.1?

127.in-addr.arpa.

---+-----------------------------------------------------+
Q9. | what is the ip6.arpa. domain for fe80::e6ce:8ff:2:1?

8.E.F.IP6.ARPA.

---+-----------------------------------------------------+
Q10.| what is the IN A RR of mail.comune.osimo.an.it?

[morpheus at ultron:~] dig mail.comune.osimo.an.it IN A +short
217.58.27.54

---+-----------------------------------------------------+
Q11.| what is the IN PTR RR of $10?

[morpheus at ultron:~] dig -x $(dig mail.comune.osimo.an.it IN A +short) +short
host54-27-static.58-217-b.business.telecomitalia.it.

(tsk tsk, Comune di Osimo)

---+-----------------------------------------------------+
Q12.| what is the IN A RR of $11?

[morpheus at ultron:~] dig $(dig -x $(dig mail.comune.osimo.an.it IN A +short) +short) +short


---+-----------------------------------------------------+
Q13.| what is the IN TXT RR of comune.osimo.an.it?

[morpheus at ultron:~] dig comune.osimo.an.it IN TXT +short
217.58.27.54

---+-----------------------------------------------------+
Q14.| what is the IN RRSIG RR of the IN AAAA RR of as112.net.?

[morpheus at ultron:~] dig as112.net. IN AAAA +dnssec +short
2001:4f8:3:2bc::198
AAAA 8 2 3600 20160515101102 20160415091102 24264 as112.net. 2CltUuuClRPawhgtjt7lDTm7Kru21veaxDw1/J9EkWLSU6u0Cq+lLd8Z
ODGmKtyuivJFmYRBiuRObe2ylNgPNM03Vf/0K9eutmRm/pb/0Is9TyBL UsF4/PIleR7qb5fw8vBW9a5t80/8D7lW4CrVNu6mgU4lWEWBE5b8wxX/ O+U=

# I check the state of the keys

[morpheus at ultron:~] dig . dnskey > my_dns_root.key
[morpheus at ultron:~] drill -k my_dns_root.key  -TD as112.net. AAAA
;; Number of trusted keys: 2
;; Domain: .
[T] . 172800 IN DNSKEY 257 3 8 ;{id = 19036 (ksk), size = 2048b}
. 172800 IN DNSKEY 256 3 8 ;{id = 60615 (zsk), size = 1024b}
Checking if signing key is trusted:
Key is now trusted!
[T] net. 86400 IN DS 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee
;; Domain: net.
[T] net. 86400 IN DNSKEY 257 3 8 ;{id = 35886 (ksk), size = 2048b}
net. 86400 IN DNSKEY 256 3 8 ;{id = 50762 (zsk), size = 1024b}
Checking if signing key is trusted:
Key is now trusted!
[T] as112.net. 86400 IN DS 45430 8 1 f0934d44ee4ce36db4ec2b08d09475da4d8323b7
;; Domain: as112.net.
[B] as112.net. 3600 IN DNSKEY 256 3 8 ;{id = 24264 (zsk), size = 1024b}
as112.net. 3600 IN DNSKEY 257 3 8 ;{id = 45430 (ksk), size = 4096b}
as112.net. 3600 IN DNSKEY 256 3 8 ;{id = 59088 (zsk), size = 1024b}
[B] as112.net.	300	IN	AAAA	2620:ff:c000::198
;; Error: No keys with the keytag and algorithm from the RRSIG found
;;[S] self sig OK; [B] bogus; [T] trusted

Hmm, it looks like there is an expired key; let's have a look at http://dnsviz.net/d/as112.net/dnssec/


---+-----------------------------------------------------+
Q15. finally: if I wanted to send an e-mail to the person responsible for the
org zone, which address should I send it to?

[morpheus at ultron:~] echo "mailto:$(dig org. IN SOA +short | awk '{ print $2 }' | sed -e 's/\./@/')"

As usual, I hope I have not made any mistakes that are too glaring; if I have, do not hesitate to point them out to me as soon as
possible.

Mauro

-- 
Dott. Ing. Mauro Angiolillo
Linux Registered User #343216
GnuPG-Key fingerprint = 90A3 3F92 6008 7383 A569  E952 CF97 383B 63F6 F425

				      -*-
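
Added example, not part of the original message: the Q10 to Q12 lookups chained into one forward-confirmed reverse DNS check (A, then PTR, then A again), run over a constructed record table so it works offline. The function names `lookup` and `fcrdns` and the example.* rows are assumptions; the first two rows are the answers shown in Q10 and Q11.

```shell
#!/bin/sh
# Constructed record table standing in for live DNS: TYPE OWNER VALUE.
# Rows 1-2 are the Q10/Q11 answers from the message; the example.* rows
# are made up to exercise the other outcomes.
RECORDS='A mail.comune.osimo.an.it. 217.58.27.54
PTR 217.58.27.54 host54-27-static.58-217-b.business.telecomitalia.it.
A mx.example.org. 192.0.2.10
PTR 192.0.2.10 mx.example.org.
A www.example.net. 192.0.2.20
PTR 192.0.2.20 other.example.net.
A other.example.net. 192.0.2.99
A lonely.example.com. 192.0.2.30'

# lookup TYPE NAME: print every matching value, one per line.
# Against live DNS this would be `dig +short NAME IN A` or `dig +short -x ADDR`.
lookup() {
    printf '%s\n' "$RECORDS" |
        awk -v t="$1" -v n="$2" '$1 == t && $2 == n { print $3 }'
}

# fcrdns HOST: prints one of
#   confirmed   some PTR name of some address resolves back to that address
#   mismatch    PTR names resolve, but never back to the original address
#   no-forward  PTR names exist, but none of them has an A record (Q12 case)
#   no-ptr      the addresses have no PTR record at all
#   no-address  HOST has no A record
fcrdns() {
    fqdn=${1%.}.                      # normalise to a trailing-dot name
    addrs=$(lookup A "$fqdn")
    if [ -z "$addrs" ]; then echo no-address; return 0; fi
    result=no-ptr
    for addr in $addrs; do
        for ptr in $(lookup PTR "$addr"); do
            back=$(lookup A "$ptr")
            if [ -z "$back" ]; then
                if [ "$result" = no-ptr ]; then result=no-forward; fi
                continue
            fi
            result=mismatch
            for b in $back; do
                if [ "$b" = "$addr" ]; then echo confirmed; return 0; fi
            done
        done
    done
    echo "$result"
}

fcrdns mail.comune.osimo.an.it
```
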
