[DNSOP] Running code: draft-ietf-dnsop-kskroll-sentinel-00

Petr Špaček <petr.spacek@nic.cz> Wed, 31 January 2018 14:13 UTC

Return-Path: <petr.spacek@nic.cz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D76C012D84F for <dnsop@ietfa.amsl.com>; Wed, 31 Jan 2018 06:13:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.009
X-Spam-Level:
X-Spam-Status: No, score=-7.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sz02qjgyrP-8 for <dnsop@ietfa.amsl.com>; Wed, 31 Jan 2018 06:13:55 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8727212D88E for <dnsop@ietf.org>; Wed, 31 Jan 2018 06:13:55 -0800 (PST)
Received: from [IPv6:2001:1488:fffe:6:80e8:eaff:fea1:3dbd] (unknown [IPv6:2001:1488:fffe:6:80e8:eaff:fea1:3dbd]) by mail.nic.cz (Postfix) with ESMTPSA id BC751642D0 for <dnsop@ietf.org>; Wed, 31 Jan 2018 15:13:53 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1517408033; bh=Z5FySxCUz1Be3/gLptfY1uiMp6cxHCjdL5i9Gzo2SIw=; h=To:From:Date; b=Jm4cLyD1TqWgUmd3JccLynn23sNLEuZRNoMTJV0Cy/sqUSzRlwxetExfHByzQXNys NAsatp1uSuFteAmeQ6zaTZE7kJ2rNe44+VJ2AdLjqwnufnHSnmOJorg41OMEF4JlvG gxPz0r0nM3wX4yZbQMo9JfO+GQtTzU6atqsNEXVc=
To: IETF DNSOP WG <dnsop@ietf.org>
From: =?UTF-8?B?UGV0ciDFoHBhxI1law==?= <petr.spacek@nic.cz>
Organization: CZ.NIC
Message-ID: <555218d3-3540-b497-ec6b-c7b8d45c17c6@nic.cz>
Date: Wed, 31 Jan 2018 15:13:53 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.99.2 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/-0JwAZgVqJaml5L-o4ciHbN4P-s>
Subject: [DNSOP] Running code: draft-ietf-dnsop-kskroll-sentinel-00
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jan 2018 14:13:58 -0000

Hello,

draft-ietf-dnsop-kskroll-sentinel-00 is now implemented in Knot Resolver
version 2.0.0 [1] which was released today, and it is enabled by default.

Other implementers might be interested in Deckard [2] tests [3] we have
for this feature. The Deckard framework also works with Unbound and
PowerDNS Recursor, so you might be able to use them directly once you
have code to support the sentinel feature.

Please do not hesitate to contact me if you have any question.


Petr Špaček  @  CZ.NIC

P.S. Version 2.0.0 also has implementation of RFC 8198.


[1] Knot Resolver
https://www.knot-resolver.cz/
https://www.knot-resolver.cz/2018-01-31-knot-resolver-2.0.0.html

[2] Deckard README
https://gitlab.labs.nic.cz/knot/deckard/blob/master/README.rst

[3]  Deckard tests for IETF draft version 00
https://gitlab.labs.nic.cz/knot/deckard/blob/master/sets/resolver/val_ta_sentinel.rpl
https://gitlab.labs.nic.cz/knot/deckard/blob/master/sets/resolver/val_ta_sentinel_insecure.rpl
https://gitlab.labs.nic.cz/knot/deckard/blob/master/sets/resolver/val_ta_sentinel_nokey.rpl