[dns-operations] Online DNSSEC debugging tool now availalbe

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Jul 16 07:21:31 UTC 2010


On Thu, Jul 15, 2010 at 03:15:12PM -0700,
 Duane Wessels <dwessels at verisign.com> wrote 
 a message of 15 lines which said:

> http://dnssec-debugger.verisignlabs.com

The third one, after <http://dnscheck.iis.se/> and
<http://www.zonecheck.fr/>, no ?

For sources.org, a few nits:

1) there is a spurious warning "Unknown host
munzer.ipv6.bortzmeyer.org" which is clearly wrong, this machine has
an address and replies:
% dig @munzer.ipv6.bortzmeyer.org SOA sources.org
...
;; ANSWER SECTION:
sources.org.            86400   IN      SOA     ns3.bortzmeyer.org. hostmaster.bortzmeyer.org. 2010070400 7200 3600 604800 43200
...
;; SERVER: 2001:470:1f11:3aa::1#53(2001:470:1f11:3aa::1)

2) there is a warning "No DS records found for sources.org in the org
zone" whch is true but misleading (my registrar does not accept DS
yet, so I cannot do anything, anyway) because sources.org is in
DLV at ISC, which should be tested.

3) there is a green light "Found 2 DNSKEY records for sources.org" but
there is no KSK/ZSK split in this domain. May be this should be
tested.




More information about the dns-operations mailing list