[dns-operations] Debugging DNSSEC
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Dec 23 09:19:10 UTC 2011
On Thu, Dec 22, 2011 at 12:22:20PM -0500,
Edward Lewis <Ed.Lewis at neustar.biz> wrote
a message of 42 lines which said:
> >I am not quite familiar with DNSSEC debugging yet,
>
> No worries, not many people are. ;)
I disagree. 2010 and 2011 experienced a massive increase in DNSSEC
deployment _and usage_. Problems are now known and investigated. And
we gained a lot of practical experience.
Back to the original question, there are many tools to help you to
investigate:
http://www.bortzmeyer.org/tests-dns.html
> "dig +cd +norec". [...] dig @recursive_resolver . SOA to see if the
> AD appears.
Starting with the tools mentioned above is probably simpler...
More information about the dns-operations
mailing list