[dns-operations] Online DNSSEC debugging tool now availalbe
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Jul 16 07:21:31 UTC 2010
On Thu, Jul 15, 2010 at 03:15:12PM -0700,
Duane Wessels <dwessels at verisign.com> wrote
a message of 15 lines which said:
> http://dnssec-debugger.verisignlabs.com
The third one, after <http://dnscheck.iis.se/> and
<http://www.zonecheck.fr/>, no ?
For sources.org, a few nits:
1) there is a spurious warning "Unknown host
munzer.ipv6.bortzmeyer.org" which is clearly wrong, this machine has
an address and replies:
% dig @munzer.ipv6.bortzmeyer.org SOA sources.org
...
;; ANSWER SECTION:
sources.org. 86400 IN SOA ns3.bortzmeyer.org. hostmaster.bortzmeyer.org. 2010070400 7200 3600 604800 43200
...
;; SERVER: 2001:470:1f11:3aa::1#53(2001:470:1f11:3aa::1)
2) there is a warning "No DS records found for sources.org in the org
zone" whch is true but misleading (my registrar does not accept DS
yet, so I cannot do anything, anyway) because sources.org is in
DLV at ISC, which should be tested.
3) there is a green light "Found 2 DNSKEY records for sources.org" but
there is no KSK/ZSK split in this domain. May be this should be
tested.
More information about the dns-operations
mailing list