[dns-operations] Online DNSSEC debugging tool now availalbe
George Barwood
george.barwood at blueyonder.co.uk
Fri Jul 16 13:23:07 UTC 2010
Agreed, it is a nice tool.
Duane:
I notice that when "More detail" is clicked, it shows verification attempts where the KeyTag does not match, e.g.
RRSIG=754 and DNSKEY=55799 does not verify the DNSKEY RRset (Verification of RSA string generated error: Signature longer than key)
This seems to imply the KeyTag is not being checked before attempting to verify the signature.
Also, it hardly seems worth reporting this.
George
----- Original Message -----
From: "Roy Arends" <roy at dnss.ec>
To: "Stephane Bortzmeyer" <bortzmeyer at nic.fr>
Cc: <dns-operations at mail.dns-oarc.net>; "Duane Wessels" <dwessels at verisign.com>
Sent: Friday, July 16, 2010 11:10 AM
Subject: Re: [dns-operations] Online DNSSEC debugging tool now availalbe
> On Jul 16, 2010, at 9:21 AM, Stephane Bortzmeyer wrote:
>
>> On Thu, Jul 15, 2010 at 03:15:12PM -0700,
>> Duane Wessels <dwessels at verisign.com> wrote
>> a message of 15 lines which said:
>>
>>> http://dnssec-debugger.verisignlabs.com
>>
>> The third one, after <http://dnscheck.iis.se/> and
>> <http://www.zonecheck.fr/>, no ?
>
> I like Duane's little tool. Not quite as pedantic and noisy as the other online checkers.
>
> Well done Duane.
>
> Roy
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list