1. Manuals
  2. Brands
  3. Brocade Communications Systems Manuals
  4. Switch
  5. ServerIron ADX 12.4.00
  6. Manual manual

Verification With Dig; Dnssec Gslb In Dns Proxy Mode - Brocade Communications Systems ServerIron ADX 12.4.00 Manual Manual

Global server load balancing guide
Hide thumbs
Table of Contents

Advertisement

1
DNSSEC

Verification with DIG

The following example shows dig being used to validate a DNSSEC response.
[16:31:54 root@rhl-236 ~]# dig +dnssec mydnssec.com +multiline +sigchase
+trusted-key=/root/dnssec/Kmydnssec.com.+005+08340.key
;; RRset to chase:
mydnssec.com.
;; RRSIG of the RRset to chase:
mydnssec.com.
Launch a query to find a RRset of type DNSKEY for zone: mydnssec.com.
;; DNSKEYset that signs the RRset to chase:
mydnssec.com.
;; RRSIG of the DNSKEYset that signs the RRset to chase:
mydnssec.com.
Launch a query to find a RRset of type DS for zone: mydnssec.com.
;; NO ANSWERS: no more
;; WARNING There is no DS for the zone: mydnssec.com.
;; WE HAVE MATERIAL, WE NOW DO VALIDATION ;; VERIFYING A RRset for mydnssec.com.
with DNSKEY:8340: success ;; OK We found DNSKEY (or more) to validate the RRset
;; Ok, find a Trusted Key in the DNSKEY RRset: 8340 ;; VERIFYING DNSKEY RRset for
mydnssec.com. with DNSKEY:8340: success
;; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS
[16:32:06 root@rhl-236 ~]#

DNSSEC GSLB in DNS proxy mode

The ServerIron ADX supports GSLB for DNSSEC in the DNS proxy mode. In this mode, when the
ServerIron ADX sees a DNS response, it re-orders the response such that it has the 'best IP
address' as the first address in the answer RRset. It also sets the TTL of each of the answer records
(This is for UDP). In the ADNS or the LDNS, the signature in the RRSIG record is calculated by
ordering the individual resource records in canonical order. Only the RR type, class and the value
114
86400 IN A 10.35.62.235
86400 IN RRSIG A 5 2 86400 20100513221145 (
20100413221145 8340 mydnssec.com.
XdrNlVeH/Hc6sMCAOFCWerqtFRgCyNNlOcHrwnLZ+ApI
plN2t2QdpmEqhltmNyINJK2WH6xzP59bkynjOUcg8QQr
OBPRyjlZCXkTS0y8JFNGd0OIjW8KJkLmZ/cag0zFcvA+
xvNQsSM5w9hiprH364JDhSoQYASxFslLkX+MtGw= )
86400 IN DNSKEY 256 3 5 (
AwEAAacXnVRCUEnP7nRuCaGHWw5K7H+IedN5xWnnCUfe
f9upLZESWMPiY0b08biliRQ5Uqt6wCNINM9nBGGxxOhV
i/oT+DEkrjOhNN4o5L7Bd+PwYV0Vh+Fq383jvGdHtr8n
Q+mc69OgQjdARn6ofH6sDcOQFsvKsgtA/EQUa/mc9V2B
) ; key id = 8340
86400 IN RRSIG DNSKEY 5 2 86400 20100513221145 (
20100413221145 8340 mydnssec.com.
WdGTjFIGfFf6jpTm04iDYIj44WgvG+XMGJyzMS7jC5k7
LYk8HtjUAjVs920sgrz9HED7JKs9tMjzIiPZEKRsa+HI
7Re2Rvvrb5PbwNwWFi/smDI57NztLvCNoOWdYEk1r6jW
S8YVLnvd5rsN9d2DY+wr8UZSemRWAURn8G3GRLA= )
ServerIron ADX Global Server Load Balancing Guide
53-1002437-01

Advertisement

Table of Contents
loading

Related Manuals for Brocade Communications Systems ServerIron ADX 12.4.00

Related Content for Brocade Communications Systems ServerIron ADX 12.4.00

This manual is also suitable for:

Serveriron adx

Table of Contents