
8 Dec
2011
8 Dec
'11
9:18 a.m.
For those interested: The first bytes of DNSKEY data are the length of the exponent, followed by the exponent (represented as an unsigned integer.) In the case of .nz, DNSKEYs begin with the following bytes (represented in hex.) 0400 0100 01 Meaning the exponent is the four byte unsigned integer 0x00010001 (65537 in decimal). This is a pretty common exponent Interestingly enough, the first bytes of the root DNSKEYs are as follows: 0301 0001 Meaning the exponent is the three byte unsigned integer 0x010001 (65537 in decimal). Same exponent, but the .nz encoding is significantly more adorable. More info on the encoding of DNSKEYs can be found at: http://tools.ietf.org/html/rfc3110#section-2 Cheers, James Dempsey