[dns-operations] [DNSSEC] Looking for a zone verification tool
Wolfgang Nagele
wnagele at ripe.net
Tue Mar 1 16:45:40 UTC 2011
Hi Stephane,
> I am looking for a
> zone validation tool, able to take a signed zone in RFC 1035 format
> and tests that it is consistent. More specific requirments are:
Here at the RIPE NCC we have been pondering on that idea for a while now. Due to
our incident with e164.arpa recently we have put more priority to this topic.
Our general idea is a "zone transfer proxy" with which you can configure a
certain set of trust anchors. It takes in a transfer on one end and only hands
it out on the other end if it validates those trust anchors. This should allow
deployment in pretty much any scenario.
I am already in contact with NLNetLabs and will have a follow up meeting with
the guys in the coming weeks. They might put in some effort on the development
of this.
I suggest we get together during the DNS-OARC meeting in San Francisco to
establish some requirements?
Regards,
Wolfgang Nagele
DNS Group Manager, RIPE NCC
More information about the dns-operations
mailing list