[dns-operations] [DNSSEC] Looking for a zone verification tool

Wolfgang Nagele wnagele at ripe.net
Tue Mar 1 16:45:40 UTC 2011


Hi Stephane,

> I am looking for a
> zone validation tool, able to take a signed zone in RFC 1035 format
> and tests that it is consistent. More specific requirments are:
Here at the RIPE NCC we have been pondering on that idea for a while now. Due to
our incident with e164.arpa recently we have put more priority to this topic.

Our general idea is a "zone transfer proxy" with which you can configure a
certain set of trust anchors. It takes in a transfer on one end and only hands
it out on the other end if it validates those trust anchors. This should allow
deployment in pretty much any scenario.

I am already in contact with NLNetLabs and will have a follow up meeting with
the guys in the coming weeks. They might put in some effort on the development
of this.

I suggest we get together during the DNS-OARC meeting in San Francisco to
establish some requirements?

Regards,
Wolfgang Nagele
DNS Group Manager, RIPE NCC



More information about the dns-operations mailing list