[dns-operations] [DNSSEC] Looking for a zone verification tool
Miek Gieben
miek at miek.nl
Tue Mar 1 19:24:20 UTC 2011
[ Quoting Stephane Bortzmeyer in "[dns-operations] [DNSSEC] Looking f"... ]
> * ldns ldns-verify-zone: works fine on a test zone that I rendered
> deliberately invalid. Seems to run forever on .FR (which is signed
> with opt-out so has only 40 signatures). Twenty minutes of Intel Core
> 2 CPU and still running. Fails requirment 4
Looks like this hangs on figuring out what is glue.
I think if you add an option (-d delegation only zone) which defines:
all A/AAAA records which don't have the same owner name as the soa
record are glue.
you can speed this up.
grtz Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20110301/ec0c8a9c/attachment.sig>
More information about the dns-operations
mailing list