Appendix A. Signed Zone Example

The following example shows a (small) complete signed zone.

Zone File Contents

example.       3600 IN SOA ns1.example. bugs.x.w.example. (
                           1081539377
                           3600
                           300
                           3600000
                           3600
                           )
               3600 RRSIG SOA 5 1 3600 20040509183619 (
                           20040409183619 38519 example.
                           ONx0k36rcjaxYtcNgq6iQnpNV5+drqYAsC9h
                           7TSJaHCqbhE67Sr6aH2xDUGcqQWu/n0UVzrF
                           vkgO9ebarZ0GWDKcuwlM6eNB5SiX2K74l5LW
                           DA7S/Un/IbtDq4Ay8NMNLQI7Dw7n4p8/rjkB
                           jV7j86HyQgM5e7+miRAz8V01b0I= )
               3600 NS ns1.example.
               3600 NS ns2.example.
               3600 RRSIG NS 5 1 3600 20040509183619 (
                           20040409183619 38519 example.
                           gl13F00f2U0R+SWiXXLHwsMY+qStYy5k6zfd
                           EuivWc+wd1fmbNCyql0Tk7lHTX6UOxc8AgNf
                           4ISFve8XqF4q+o9qlnqIzmppU3LiNeKT4FZ8
                           RO5urFOvoMRTbQxW3U0hXWuggE4g3ZpsHv48
                           0HjMeRaZB/FRPGfJPajngcq6Kwg= )
               3600 MX 1 xx.example.
               3600 RRSIG MX 5 1 3600 20040509183619 (
                           20040409183619 38519 example.
                           HyDHYVT5KHSZ7HtO/vypumPmSZQrcOP3tzWB
                           2qaKkHVPfau/DgLgS/IKENkYOGL95G4N+NzE
                           VyNU8dcTOckT+ChPcGeVjguQ7a3Ao9Z/ZkUO
                           6gmmUW4b89rz1PUxW4jzUxj66PTwoVtUU/iM
                           W6OISukd1EQt7a0kygkg+PEDxdI= )
               3600 NSEC a.example. NS SOA MX RRSIG NSEC DNSKEY
               3600 RRSIG NSEC 5 1 3600 20040509183619 (
                           20040409183619 38519 example.
                           O0k558jHhyrC97ISHnislm4kLMW48C7U7cBm
                           FTfhke5iVqNRVTB1STLMpgpbDIC9hcryoO0V
                           Z9ME5xPzUEhbvGnHd5sfzgFVeGxr5Nyyq4tW
                           SDBgIBiLQUv1ivy29vhXy7WgR62dPrZ0PWvm
                           jfFJ5arXf4nPxp/kEowGgBRzY/U= )
               3600 DNSKEY 256 3 5 (
                           AQOy1bZVvpPqhg4j7EJoM9rI3ZmyEx2OzDBV
                           rZy/lvI5CQePxXHZS4i8dANH4DX3tbHol61e
                           k8EFMcsGXxKciJFHyhl94C+NwILQdzsUlSFo
                           vBZsyl/NX6yEbtw/xN9ZNcrbYvgjjZ/UVPZI
                           ySFNsgEYvh0z2542lzMKR4Dh8uZffQ==
                           )
               3600 DNSKEY 257 3 5 (
                           AQOeX7+baTmvpVHb2CcLnL1dMRWbuscRvHXl
                           LnXwDzvqp4tZVKp1sZMepFb8MvxhhW3y/0QZ
                           syCjczGJ1qk8vJe52iOhInKROVLRwxGpMfzP
                           RLMlGybr51bOV/1se0ODacj3DomyB4QB5gKT
                           Yot/K9alk5/j8vfd4jWCWD+E1Sze0Q==
                           )
               3600 RRSIG DNSKEY 5 1 3600 20040509183619 (
                           20040409183619 9465 example.
                           ZxgauAuIj+k1YoVEOSlZfx41fcmKzTFHoweZ
                           xYnz99JVQZJ33wFS0Q0jcP7VXKkaElXk9nYJ
                           XevO/7nAbo88iWsMkSpSR6jWzYYKwfrBI/L9
                           hjYmyVO9m6FjQ7uwM4dCP/bIuV/DKqOAK9NY
                           NC3AHfvCV1Tp4VKDqxqG7R5tTVM= )
               3600 RRSIG DNSKEY 5 1 3600 20040509183619 (
                           20040409183619 38519 example.
                           eGL0s90glUqcOmloo/2y+bSzyEfKVOQViD9Z
                           DNhLz/Yn9CQZlDVRJffACQDAUhXpU/oP34ri
                           bKBpysRXosczFrKqS5Oa0bzMOfXCXup9qHAp
                           eFIku28Vqfr8Nt7cigZLxjK+u0Ws/4lIRjKk
                           7z5OXogYVaFzHKillDt3HRxHIZM= )
a.example.     3600 IN NS ns1.a.example.
               3600 IN NS ns2.a.example.
               3600 DS 57855 5 1 (
                           B6DCD485719ADCA18E5F3D48A2331627FDD3
                           636B )
               3600 RRSIG DS 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           oXIKit/QtdG64J/CB+Gi8dOvnwRvqrto1AdQ
                           oRkAN15FP3iZ7suB7gvTBmXzCjL7XUgQVcoH
                           kdhyCuzp8W9qJHgRUSwKKkczSyuL64nhgjuD
                           EML8l9wlWVsl7PR2VnZduM9bLyBhaaPmRKX/
                           Fm+v6ccF2EGNLRiY08kdkz+XHHo= )
               3600 NSEC ai.example. NS DS RRSIG NSEC
               3600 RRSIG NSEC 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           cOlYgqJLqlRqmBQ3iap2SyIsK4O5aqpKSoba
                           U9fQ5SMApZmHfq3AgLflkrkXRXvgxTQSKkG2
                           039/cRUs6Jk/25+fi7Xr5nOVJsb0lq4zsB3I
                           BBdjyGDAHE0F5ROJj87996vJupdm1fbH481g
                           sdkOW6Zyqtz3Zos8N0BBkEx+2G4= )
ns1.a.example. 3600 IN A 192.0.2.5
ns2.a.example. 3600 IN A 192.0.2.6
ai.example.    3600 IN A 192.0.2.9
               3600 RRSIG A 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           pAOtzLP2MU0tDJUwHOKE5FPIIHmdYsCgTb5B
                           ERGgpnJluA9ixOyf6xxVCgrEJW0WNZSsJicd
                           hBHXfDmAGKUajUUlYSAH8tS4ZnrhyymIvk3u
                           ArDu2wfT130e9UHnumaHHMpUTosKe22PblOy
                           6zrTpg9FkS0XGVmYRvOTNYx2HvQ= )
               3600 HINFO "KLH-10" "ITS"
               3600 RRSIG HINFO 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           Iq/RGCbBdKzcYzlGE4ovbr5YcB+ezxbZ9W0l
                           e/7WqyvhOO9J16HxhhL7VY/IKmTUY0GGdcfh
                           ZEOCkf4lEykZF9NPok1/R/fWrtzNp8jobuY7
                           AZEcZadp1WdDF3jc2/ndCa5XZhLKD3JzOsBw
                           FvL8sqlS5QS6FY/ijFEDnI4RkZA= )
               3600 AAAA 2001:db8::f00:baa9
               3600 RRSIG AAAA 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           nLcpFuXdT35AcE+EoafOUkl69KB+/e56XmFK
                           kewXG2IadYLKAOBIoR5+VoQV3XgTcofTJNsh
                           1rnF6Eav2zpZB3byI6yo2bwY8MNkr4A7cL9T
                           cMmDwV/hWFKsbGBsj8xSCN/caEL2CWY/5XP2
                           sZM6QjBBLmukH30+w1z3h8PUP2o= )
               3600 NSEC b.example. A HINFO AAAA RRSIG NSEC
               3600 RRSIG NSEC 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           2xBLX6TYs6ubocWKOJL1ZM7TfgKp/rTyPsVU
                           J6TSTMqcInXyR/BjS0hbhZTGW8qDAe7YMdYl
                           FwdDEAJkU7bGEGfP1yQq7TBzRHqkmcb5Z8OJ
                           yOz1cvfLQwqb88EUcNPdoLiCGqNb+sksLaUU
                           5NQcwS4lRhnUTOc0gf2gf5vZR4Q= )
b.example.     3600 IN NSEC c.example. A AAAA RRSIG NSEC
               3600 RRSIG NSEC 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           xNMZBUHJjWNFp8OsBO4fk97aCmvaOQFWQsJA
                           8EpPmj3jUHnLgHRaOXxgV/FTUZP0WPjh/gjO
                           1Cd6nC5O0PUQVWqqScCVPUQVhSN5S8k8Oi42
                           KD4CWrfLseCY6vCXZfDQy5U2A/qXaAb7Ezkq
                           /5J9+IcyKFrpScq20NvMfUdXWOg= )
xx.example.    3600 IN A 192.0.2.10
               3600 RRSIG A 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           PBUM8pKlbJIf54eDPMKvTiXsU23hBHdLYrv/
                           +iC8EXYJQJTWm4q/xvP6sCRh0jTtj2NKzp+r
                           j2O11DOC0fJKH5u7UWmSPfMwD0UOqq8r2qcd
                           OKGnfZkuA0wq2oYN7XNHXVJ+bYGy+o7hEGxo
                           yD/Bv3vEqwZLZOTFqXKfCZBFh1c= )
               3600 MX 10 mx.xx.example.
               3600 RRSIG MX 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           2M/hGfpvgFPGVVpRADXNWD7OZnj6kbLLHJnT
                           7A52kAJJpvhdpCnp2n8sKPpHC7pG6HLdwZUh
                           fF4CdLYXw/MqsJZLlv9tqd/8WFnY9N8YOI6w
                           HvFUzRYYP5CyTLPL1FvFYGLvLhCBj7u+DPAC
                           n8qf5gMx8GfPCDkT3ZjVBvv5gEg= )
               3600 NSEC example. A MX RRSIG NSEC
               3600 RRSIG NSEC 5 2 3600 20040509183619 (
                           20040409183619 38519 example.
                           mi0e2BbA9N9vxYSr+Vy9bLBxNYqkPnKLiDk3
                           YOLQEHdhPrqaxCscq+mVPKfR7J6C2+7A9MHw
                           j5PvPajgD4HU1wB9mWLLPkKHJb1fW8/CIU7x
                           OWCxb3Lq+DLMvFHXq7xJ6EqbVBANMKOlS4pF
                           7PKoK6xCKqW8uj1fRRqX9OqZU8A= )

Notes

This appendix provides a complete example of a signed DNS zone, demonstrating all of the DNSSEC resource record types described in this document, in particular:

  • DNSKEY records: public keys used for zone signing
  • RRSIG records: digital signatures for each RRset
  • NSEC records: authenticated denial of existence
  • DS records: Delegation Signer records for child zones

The example zone example. contains various resource records (SOA, NS, MX, A, AAAA, HINFO) together with their corresponding DNSSEC signature records. Each signed RRset includes at least one RRSIG record covering it.
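
The structural rules visible in the zone above can be checked mechanically: every authoritative RRset has a covering RRSIG, the delegation NS RRset and glue at a.example. have none, each RRSIG Labels field equals the owner's label count, and the NSEC records form a closed chain. The Python sketch below is an added example, not part of the original appendix; `audit` and the abridged record list are constructed for illustration, wildcard owner names are not handled, and no signature is verified cryptographically.

```python
# Constructed, abridged form of the appendix zone ("owner TYPE [fields]"), key and
# signature data elided. RRSIG fields: type covered, Labels. NSEC: next name, types.
ZONE = """\
example. SOA
example. NS
example. NSEC a.example. NS SOA RRSIG NSEC
example. RRSIG SOA 1
example. RRSIG NS 1
example. RRSIG NSEC 1
a.example. NS
a.example. DS
a.example. NSEC ai.example. NS DS RRSIG NSEC
a.example. RRSIG DS 2
a.example. RRSIG NSEC 2
ns1.a.example. A
ai.example. A
ai.example. NSEC example. A RRSIG NSEC
ai.example. RRSIG A 2
ai.example. RRSIG NSEC 2
"""

def audit(zone_text, apex="example."):   # hypothetical helper
    types, sigs, nsec, problems = {}, {}, {}, []
    for owner, rtype, *f in (l.split() for l in zone_text.splitlines() if l.strip()):
        types.setdefault(owner, set()).add(rtype)
        if rtype == "RRSIG":
            sigs[(owner, f[0])] = int(f[1])
        elif rtype == "NSEC":
            nsec[owner] = (f[0], set(f[1:]))
    cuts = {o for o, t in types.items() if "NS" in t and o != apex}
    for owner, present in types.items():
        below_cut = any(owner.endswith("." + c) for c in cuts)
        for rtype in sorted(present - {"RRSIG"}):
            signed = not below_cut and not (owner in cuts and rtype == "NS")  # cut NS, glue: unsigned
            if signed != ((owner, rtype) in sigs):
                problems.append(f"{owner} {rtype}: RRSIG {'missing' if signed else 'unexpected'}")
            elif signed and sigs[(owner, rtype)] != owner.count("."):
                problems.append(f"{owner} {rtype}: Labels field != label count")
        if owner in nsec and nsec[owner][1] != present:
            problems.append(f"{owner}: NSEC type list differs from types present")
    seen, name = [], apex                 # walk the NSEC chain from the apex
    while name in nsec and name not in seen:
        seen.append(name)
        name = nsec[name][0]
    if name != apex or set(seen) != set(nsec):
        problems.append("NSEC chain does not loop back to the apex")
    return problems

print(audit(ZONE) or "zone structure consistent")
```
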