[dns-operations] Online DNSSEC debugging tool now availalbe
Duane Wessels
dwessels at verisign.com
Fri Jul 16 17:30:47 UTC 2010
On Jul 16, 2010, at 12:21 AM, Stephane Bortzmeyer wrote:
Hi Stephane, thanks for the feedback!
>
> For sources.org, a few nits:
>
> 1) there is a spurious warning "Unknown host
> munzer.ipv6.bortzmeyer.org" which is clearly wrong, this machine has
yes, thanks for this report. The tool was designed to
run on a server with IPv6 but is temporarily at a location
with v4 only. You should find that this incorrect warning
is no longer present in the output.
>
> 2) there is a warning "No DS records found for sources.org in the org
> zone" whch is true but misleading (my registrar does not accept DS
> yet, so I cannot do anything, anyway) because sources.org is in
> DLV at ISC, which should be tested.
Understood. However, we do not intend to utilize DLV for this tool.
>
> 3) there is a green light "Found 2 DNSKEY records for sources.org" but
> there is no KSK/ZSK split in this domain. May be this should be
> tested.
>
I'm not sure I understand. I thought it was perfectly acceptible
to not have a KSK/ZSK split. Do you think it should be flagged
as a warning?
DW
More information about the dns-operations
mailing list