Yeah! Well done Craig, Sebastian and the rest of the team working on this project for some time now. What a great mile stone to see delivered! D On 12/06/2012 12:21 p.m., Sebastian Castro wrote:

Because dnssec.geek.nz is the first .nz domain that can be DNSSEC validated

According to the Open DNSSEC Validating Resolver (https://www.dns-oarc.net/oarc/services/odvr)

dig a www.dnssec.geek.nz @149.20.64.20 +dnssec +multiline

;<<>> DiG 9.8.0<<>> a www.dnssec.geek.nz @149.20.64.20 +dnssec +multiline ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24148 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 5 ^^^^ NOTE THIS

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;www.dnssec.geek.nz. IN A

;; ANSWER SECTION: www.dnssec.geek.nz. 86161 IN A 114.23.33.130 www.dnssec.geek.nz. 86161 IN RRSIG A 5 4 86400 20120705085021 ( 20120605083506 57516 dnssec.geek.nz. UCUGqNqTi020wY++lGqJWjZZrLYvPYyS7tEHLA1ASW3O AXEkBtojFfHxy0Zne0Z1INoChmlONAovXBWmCa6Y8RPO iAFsxoUcAt+njxwpXIrqWfSw4bKVex4DVtbIJiQcgUjf y4+CpkSEHKVZG0jQcquwnOCRqcf90OCPYW93Uqs= )

;; AUTHORITY SECTION: dnssec.geek.nz. 86160 IN NS dns2.dnssec.geek.nz. dnssec.geek.nz. 86160 IN NS dns1.dnssec.geek.nz. dnssec.geek.nz. 86160 IN RRSIG NS 5 3 86400 20120705085021 ( 20120605083506 57516 dnssec.geek.nz. d+7MLB24EUROEmvsfDFRpy52qY1bNF6KJFBnhaszvyak 9tbsY1TpDY8dv6y2OUN4SoA9Ydfj3QD3IwEkGAOKIzvG OrorBNUDBb7nUyjXMi0te5X7AfRhSkQDNDL3zYb30WO/ 8KeCzydAGXQtmAiu2yxTV9RJFrnzbQ4OOe/i3QY= )

;; ADDITIONAL SECTION: dns1.dnssec.geek.nz. 86160 IN A 114.23.33.130 dns2.dnssec.geek.nz. 86160 IN A 114.23.33.131 dns1.dnssec.geek.nz. 86160 IN RRSIG A 5 4 86400 20120705085021 ( 20120605083506 57516 dnssec.geek.nz. ODk/boWCMVYj6RWMkp2PqZoxvnCavFZyucZgvTxTIlYz R47IGWjlLeb1DHIQJzEDUPvKj6VhNiA+sbLwG/Oh4nHD WVb5xJt07gPlSPiihzWGlY2g90KN3PXqdujKgc/8FIhi GUSdE+umR+kBG2XlZpvyzc0L3C6niICPImMq3JY= ) dns2.dnssec.geek.nz. 86160 IN RRSIG A 5 4 86400 20120705085021 ( 20120605083506 57516 dnssec.geek.nz. Tl5vbS+GfMiWhft32InQHdUqWY0lHmzZdIzwyrVGJdoO yhRGrWej0RshhnypA0lO77cBRQuYoIzZt7/cUpGe1MyO FnYKQeQpt8bLak4HZ5W+Fkc5GQctD4Q2cGSJqvIJOuDd GqT1KuILudTDERmUwLCsA8n/q3W19mUnbYO4dqM= )

;; Query time: 160 msec ;; SERVER: 149.20.64.20#53(149.20.64.20) ;; WHEN: Tue Jun 12 12:17:01 2012 ;; MSG SIZE rcvd: 829

Our internal validating nameservers report similar situation.

BTW, the above is possible because geek.nz is fully DNSSEC enabled.

Kind Regards,

-- Don Gould 31 Acheson Ave Mairehau Christchurch, New Zealand Ph: + 64 3 348 7235 Mobile: + 64 21 114 0699