Docs on DNSSEC signatures and more
I'm trying to do a small experiment to get all the signatures/digests/rrsig data etc for the chain of trust to a specific dns record on a domain. I've read over https://www.cloudflare.com/dns/dnssec/universal-dnssec/. But one thing I'm not finding easily is how to format the dns record to know the exact payload that is signed. Where can I find more docs on this?
Cloudflare
Universal DNSSEC | Cloudflare
Cloudflare offers easy-to-use DNSSEC, and it only takes a few minutes to set up.
1 Reply
I was trying to do it in Go, but I ended up just using Python and dnspython, much easier. So didn't end up needed to read into the spec or implementation at all. experiment done:
https://gist.github.com/andrewxhill/107e343e676351b39db65910aa3d78d7
Gist
Chain of Trust - but verify...
Chain of Trust - but verify... GitHub Gist: instantly share code, notes, and snippets.