Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe

To: Greg Troxel <gdt%lexort.com@localhost>
Subject: Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
From: reed%reedmedia.net@localhost
Date: Fri, 20 Mar 2020 18:15:30 -0500 (CDT)

> I don't know why but the created new digest hash didn't match.
> The technique is to use same digest algorithm type and create a digest 
> of the matching DNSKEY.  In this case the resulting digest didn't match. 
> (New one was six bytes shorter.)

I did this wrong. A little cleanup below. I don't know why the digests 
don't match.

> I will stop here. I just assume something is wrong with the crypto (in 
> bind9 or its dependencies).

;; validating ch/DNSKEY: JCR3: dns_rdata_tostruct result 0
;; validating ch/DNSKEY: JCR24: old key tag 55966
;; validating ch/DNSKEY: JCR25: old algorithm 13
;; validating ch/DNSKEY: JCR22: old ds length 32
;; validating ch/DNSKEY: JCR23: old digest CEB479416E4EFD770800434BE1245E1B10D4CF018255C11D8544C448FA032B32
;; validating ch/DNSKEY: JCR7: dns_rdata_tostruct result 0
;; validating ch/DNSKEY: JCR9: algorithm 13 13
;; validating ch/DNSKEY: JCR8: keytag 55966 18757
;; validating ch/DNSKEY: JCR7: dns_rdata_tostruct result 0
;; validating ch/DNSKEY: JCR9: algorithm 13 13
;; validating ch/DNSKEY: JCR8: keytag 55966 55966
;; validating ch/DNSKEY: JCR10: dns_ds_buildrdata result 0
;; validating ch/DNSKEY: JCR14: new type 43
;; validating ch/DNSKEY: JCR15: old length 36
;; validating ch/DNSKEY: JCR16: new length 36
;; validating ch/DNSKEY: JCR17: new digest type 2
;; validating ch/DNSKEY: JCR18: new key tag 55966
;; validating ch/DNSKEY: JCR19: new algorithm 13
;; validating ch/DNSKEY: JCR20: new ds length 32
;; validating ch/DNSKEY: JCR21: new digest CEB479416E4EFD770800434BE1245E1B10D4CF018255C11D8544C448FA032B32
;; validating ch/DNSKEY: JCR13: dns_rdata_compare result 0
;; validating ch/DNSKEY: JCR11: dns_rdata_compare
;; validating ch/DNSKEY: JCR2: keyfromds result 0
;; validating ch/DNSKEY: JCR: result 0
;; validating protonmail.ch/DNSKEY: JCR3: dns_rdata_tostruct result 0
;; validating protonmail.ch/DNSKEY: JCR24: old key tag 27196
;; validating protonmail.ch/DNSKEY: JCR25: old algorithm 8
;; validating protonmail.ch/DNSKEY: JCR22: old ds length 48
;; validating protonmail.ch/DNSKEY: JCR23: old digest E422EE237DE2FE29190F1BDDC0C0E2469679411F329AAB2A7BD8DE43575C1C6FAB6B9FFC521996E526F4B5D513798D9E
;; validating protonmail.ch/DNSKEY: JCR7: dns_rdata_tostruct result 0
;; validating protonmail.ch/DNSKEY: JCR9: algorithm 8 8
;; validating protonmail.ch/DNSKEY: JCR8: keytag 27196 6753
;; validating protonmail.ch/DNSKEY: JCR7: dns_rdata_tostruct result 0
;; validating protonmail.ch/DNSKEY: JCR9: algorithm 8 8
;; validating protonmail.ch/DNSKEY: JCR8: keytag 27196 27196
;; validating protonmail.ch/DNSKEY: JCR10: dns_ds_buildrdata result 0
;; validating protonmail.ch/DNSKEY: JCR14: new type 43
;; validating protonmail.ch/DNSKEY: JCR15: old length 52
;; validating protonmail.ch/DNSKEY: JCR16: new length 52
;; validating protonmail.ch/DNSKEY: JCR17: new digest type 4
;; validating protonmail.ch/DNSKEY: JCR18: new key tag 27196
;; validating protonmail.ch/DNSKEY: JCR19: new algorithm 8
;; validating protonmail.ch/DNSKEY: JCR20: new ds length 48
;; validating protonmail.ch/DNSKEY: JCR21: new digest 73D3962080B965B6A3D80AB3097FDA1C561C49FB938C06941D9910DC6B3E21AC0F2C8610BB8F6ADB0279EC726D2C4648
;; validating protonmail.ch/DNSKEY: JCR13: dns_rdata_compare result 1
;; validating protonmail.ch/DNSKEY: JCR12: dns_rdata_compare else
;; validating protonmail.ch/DNSKEY: JCR2: keyfromds result 29
;; validating protonmail.ch/DNSKEY: JCR: result 29

References:
- trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
  - From: Greg Troxel
- Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
  - From: reed

Prev by Date: Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
Next by Date: Re: VMWare ESXI 6.7 U3 and NetBSD/AMD64 9.x
Previous by Thread: Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
Next by Thread: VMWare ESXI 6.7 U3 and NetBSD/AMD64 9.x
Indexes:

Home | Main Index | Thread Index | Old Index