11:29 matt joined the chat
11:29 ws2
8:50
wouter 
Good morning
8:50
dblacka 
woo!
8:50
wouter 
Hello!
8:50
Jelte 
whoa
8:51
jad 
morning
8:52
pk 
mornin'
8:53
geoff 
yo
9:09
wouter 
14 people in the room. 10 in the chatroom.
9:15
Jelte 
my imap does not play nice with the connection here
9:19
wouter 
ssh+mutt works 
9:36
pk 
is pope benedict representing VA or BY?
9:37
Suz 
some of us are more present than others.
9:37
pope benedict 
dk
9:37
pk 
apologies ...
9:39
wouter 
for nsd: ./configure --enable-checking [optional] --enable-nsec3
9:39
» enable-checking gives debug logging for NSD server when started ./nsd -L 1
9:47
pope benedict 
zone name with 0 == unsigned 1 == NSEC signed 3 == NSEC3 signed
9:55
marka 
10.151.96.148
9:56
» c
9:58
geoff 
test?
9:58
marka 
I see you geoff
10:03
Jelte 
am i still here?
10:03
scottr 
I read you
10:04
Jelte 
ping
10:04
» a
10:04
» i did not even see my own messages
10:04
geoff 
b
10:04
Jelte 
test tree description page at http://jelte.nlnetlabs.nl/Projects/NSEC3/index.html
10:05
geoff 
me: \10.151.96.139
10:06
marka 
test
10:07
Jelte 
ldns snapshot at http://jelte.nlnetlabs.nl/opendir/ldns-1.1.0_pre_20060918.tar.gz
See the README.NSEC3 for some quick instructions
10:07
pope benedict 
1 Drill                     Jelte         141
2 Libval                 Suresh         143
3. Bind no DNSSEC (9.2)             Wouter         135
4 Bind 9.4 DNSSECbis             Ed        132
5.Bind 9.5 Bind 9.5 NSEC+NSEC3         Mark    148
6 Unbound no DNSSEC             Matt    136
7 Unbound with DNSSEC             John    134
8 Unbount with NSEC3             Dave    140
10:10
Jelte 
if you compile the examples dir in ldns (same instructions as drill) you can also use the signer, walker, keyfetcher, etc
10:15
» % drill -TD www.n1.n1s.ws.nsec3.org                                          ls
Warning: No trusted keys were given. Will not be able to verify authenticity!
;; Domain: .
;; No DNSKEY record found for .
;; No DS for org.
;; Domain: org.
;; No DNSKEY record found for org.
;; No DS for nsec3.org.
;; Domain: nsec3.org.
;; No DNSKEY record found for nsec3.org.
;; No DS for ws.nsec3.org.
;; Domain: ws.nsec3.org.
[S] ws.nsec3.org. 30 IN DNSKEY 256 3 RSASHA1 ;{id = 27311 (zsk), size = 512b}
ws.nsec3.org. 30 IN DNSKEY 257 3 RSASHA1 ;{id = 56082 (ksk), size = 512b}
[S] n1s.ws.nsec3.org. 30 IN DS 61476 RSASHA1 1 c5e18485478404c812b04da467958a51e97925db

;; Domain: n1s.ws.nsec3.org.
[S] n1s.ws.nsec3.org. 30 IN DNSKEY 256 3 RSASHA1 ;{id = 24317 (zsk), size = 512b}
n1s.ws.nsec3.org. 30 IN DNSKEY 257 3 RSASHA1 ;{id = 61476 (ksk), size = 512b}
[S] Existence denied: n1.n1s.ws.nsec3.org. DS

[S] Existence denied: n1.n1s.ws.nsec3.org. NS
10:15
» that's the drill tracer output
10:25
Jelte 
i'd like someone besides me running the drill tracer
10:25
pk 
yep
10:28
HaveBars? 
Okay....
10:28
» dig @10.151.96.152 www.n1.n1s.ws.nsec3.org aaaa +multiline +dnssec 

; <<>> DiG 9.3.2 <<>> @10.151.96.152 www.n1.n1s.ws.nsec3.org aaaa +multiline +dnssec
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43761
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.n1.n1s.ws.nsec3.org. IN AAAA

;; AUTHORITY SECTION:
n1s.ws.nsec3.org.       30 IN NSEC n3.n1s.ws.nsec3.org. NS SOA RRSIG NSEC DNSKEY
n1s.ws.nsec3.org.       30 IN RRSIG NSEC 5 4 3600 20150420235959 (
                               20051021000000 24317 n1s.ws.nsec3.org.
                               HOyjGaBquUhDPIVmPomBQ12y9uwk26nFMUjp7gzD3xou
                               bfwWasIyUx4C7e0gGrAOqmSiAAY2i7ElggfYQ65aPQ== )
n1s.ws.nsec3.org.       30 IN SOA ns2.infra.ws.nsec3.org. roy.dnss.ec.n1s.ws.nsec3.org. (
                               1          ; serial
                               3600       ; refresh (1 hour)
                               300        ; retry (5 minutes)
                               3600000    ; expire (5 weeks 6 days 16 hours)
                               3600       ; minimum (1 hour)
                               )
n1s.ws.nsec3.org.       30 IN RRSIG SOA 5 4 30 20150420235959 (
                               20051021000000 24317 n1s.ws.nsec3.org.
                               TrC8f0C37D5gUvpcOLo9QfI5CvGNMzfjzhdQDFbTjfFt
                               zql13YVYI16Zqan4u8yE0cqR2CIA1xm+Omz7SZUUrQ== )

;; Query time: 785 msec
;; SERVER: 10.151.96.152#53(10.151.96.152)
;; WHEN: Mon Sep 18 10:27:29 2006
;; MSG SIZE  rcvd: 376

11:34
wouter 
weird queries: dig @127.0.0.1 v48gb4no8t6prklaqkoaclu0mj6jo427.full.ws.nsec3.org A  (there is an NSEC3 there too, which gives NOERROR/NODATA).
11:35
» h9qtvs4gvttlhuv16ir708tgh4u1cbsa.full.ws.nsec3.org TYPE65324     (query NSEC3 and it exists there: NXDOMAIN answer)
12:01 pope benedict left the chat.
12:04 dblacka left the chat.
12:26
marka 
k
12:26 dblacka joined the chat
12:36 pope benedict joined the chat
12:58
HaveBars? 
what's the link?
12:58 
matt@ecotroph.net 
link?
12:59
HaveBars? 
the thing suzanne is talking about
12:59 
matt@ecotroph.net 
right, I'm seconding your request for the link
1:00
Suz 
LOL
1:00
HaveBars? 
ah, i'm just to lazy to stop eating to answer out loud
1:00 
matt@ecotroph.net 
who is HaveBars?
1:00
HaveBars? 
me
1:00 
matt@ecotroph.net 
ed?
1:00
Suz 
http://www.msnbc.msn.com/id/12481103/
1:00 
matt@ecotroph.net 
ahh, then who is the pope?
1:01
Suz 
The head of the Catholic Church militant
1:01
HaveBars? 
pk on a power trip
1:01 
matt@ecotroph.net 
well he is German
1:01
» (the pope, that is)
1:01
scottr 
Then who is pk?
1:01
HaveBars? 
whi is pk?
1:02
scottr 
ja
1:02 
matt@ecotroph.net 
ahhh, I think the new pope is Icelandic
1:02
Suz 
you mean why is pl
1:02
» or pk
1:02
» but we don't ask why is the pope
1:02
Jelte 
and once again we can state that anonimity tends to be misused
1:02
HaveBars? 
who said that?
1:03 
matt@ecotroph.net 
"Anoniminity tends to be misused."
1:03
scottr 
It's sometimes referred to as the "Internet f*ckwad theory"
1:03
Suz 
and yet, it entirely predates the Internet
1:03
scottr 
Normal person + Internet + crowd = total f*ckwad
1:03
pope benedict 
I'm here to keep an eye on the NSEC3 heretics
1:03 
matt@ecotroph.net 
hey, this is a family jabber room: please just say fuckwad
1:04
pk 
remember these anonymous logs will be published on the vatican website
1:04
Suz 
and the NSA staff room
1:04 
matt@ecotroph.net 
that goes without saying
1:05
pope benedict 
and the Verisign coroporate secrets disclosure department will scan it for NDA violations
1:05 
matt@ecotroph.net 
there is no need to scan after the fact
1:05
» s/will scan/is scanning
1:06
Suz 
whatever. I've already been accused in public of a federal crime by VeriSign. It probably helped both my career and my social life.
1:06
Jelte 
hehe
1:06
pk 
wait: what is the purpose of the "secrets disclosure department"? Isnt that PR?
1:07
scottr 
Eh, I've been acused of subverting the constitution.  It's just venting
1:07
Suz 
yes, but when it's a lawsuit, it's very expensive venting. 
1:07
wouter 
The NDA puts fines on not disclosing positive PR on Verisign
1:08
Jelte 
verisign ftw!
1:48 roy joined the chat
1:57 marka left the chat.
2:19
Jelte 
http://jelte.nlnetlabs.nl/opendir/ldns-1.1.0_pre_20060918.tar.gz now contains the fixes for the bugs found earlier if anyone's interested
2:24 marka joined the chat
2:36 pk left the chat.
3:59
HaveBars? 
aaaaaaaaaaaaaaaaaaaaaaaaagggggggggggggggggggggggggghhhhhhhhhhhhhhhhhhhhh!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
4:00
Suz 
no, really?
4:00
wouter 
Your keyboard seems to be stuck.
4:00
Jelte 
hmz my computer at home is reachable after all, just not from here...
4:00
HaveBars? 
not a keyboard problem
4:00
Suz 
that would be the castle until recently known as aaaaaaaaaaaaggggggggggggggggggghhhhhhhhhhhhhhhh!
4:05 scottr left the chat.
4:05 pope benedict left the chat.
4:05 wouter left the chat.