[dns-operations] Announcing the availability of 'validns', a DNS and DNSSEC zone file validator
Paul Wouters
paul at xelerance.com
Mon May 16 22:35:56 UTC 2011
On Tue, 17 May 2011, Anton Berezin wrote:
>>
>> All my bugs were fixed with that too! One feature request is
>> an option to not check if the parent is signed to avoid
>> throwing "no corresponding NSEC3 found for <parent>" for
>> those zones you know have a signed parent but not a DS record.
>
> Ok, it's been a long day here; I don't think I understand your request,
> could you explain it further? Thanks.
I have a zone foo.com. It is signed, but its DS record has not been
published yet in .com. validns will give an error "no corresponding NSEC3 found for foo.com"
I understand this is a useful test, but I'd like to be able to disable that
test for zones known to have not published their DS on purpose.
> (And the Makefile is fixed, thanks for the suggestion).
Thanks :)
Paul
More information about the dns-operations
mailing list