[dns-operations] [DNSSEC] Looking for a zone verification tool

Miek Gieben miek at miek.nl
Tue Mar 1 19:24:20 UTC 2011


[ Quoting Stephane Bortzmeyer in "[dns-operations] [DNSSEC] Looking f"... ]
> * ldns ldns-verify-zone: works fine on a test zone that I rendered
> deliberately invalid. Seems to run forever on .FR (which is signed
> with opt-out so has only 40 signatures). Twenty minutes of Intel Core
> 2 CPU and still running. Fails requirment 4

Looks like this hangs on figuring out what is glue. 

I think if you add an option (-d delegation only zone) which defines:
    all A/AAAA records which don't have the same owner name as the soa
    record are glue.

you can speed this up.

grtz Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20110301/ec0c8a9c/attachment.sig>


More information about the dns-operations mailing list