[dns-operations] Online DNSSEC debugging tool now availalbe

Duane Wessels dwessels at verisign.com
Fri Jul 16 17:30:47 UTC 2010


On Jul 16, 2010, at 12:21 AM, Stephane Bortzmeyer wrote:

Hi Stephane, thanks for the feedback!

> 
> For sources.org, a few nits:
> 
> 1) there is a spurious warning "Unknown host
> munzer.ipv6.bortzmeyer.org" which is clearly wrong, this machine has

yes, thanks for this report.  The tool was designed to
run on a server with IPv6 but is temporarily at a location
with v4 only.  You should find that this incorrect warning
is no longer present in the output.

> 
> 2) there is a warning "No DS records found for sources.org in the org
> zone" whch is true but misleading (my registrar does not accept DS
> yet, so I cannot do anything, anyway) because sources.org is in
> DLV at ISC, which should be tested.

Understood.  However, we do not intend to utilize DLV for this tool.

> 
> 3) there is a green light "Found 2 DNSKEY records for sources.org" but
> there is no KSK/ZSK split in this domain. May be this should be
> tested.
> 

I'm not sure I understand.  I thought it was perfectly acceptible
to not have a KSK/ZSK split.  Do you think it should be flagged
as a warning?

DW



More information about the dns-operations mailing list