[dns-operations] Announcing the availability of 'validns', a DNS and DNSSEC zone file validator

Paul Wouters paul at xelerance.com
Mon May 16 22:35:56 UTC 2011

On Tue, 17 May 2011, Anton Berezin wrote:

>> All my bugs were fixed with that too! One feature request is
>> an option to not check if the parent is signed to avoid
>> throwing "no corresponding NSEC3 found for <parent>" for
>> those zones you know have a signed parent but not a DS record.
> Ok, it's been a long day here;  I don't think I understand your request,
> could you explain it further?  Thanks.

I have a zone foo.com. It is signed, but its DS record has not been
published yet in .com. validns will give an error "no corresponding NSEC3 found for foo.com"
I understand this is a useful test, but I'd like to be able to disable that
test for zones known to have not published their DS on purpose.

> (And the Makefile is fixed, thanks for the suggestion).

Thanks :)


More information about the dns-operations mailing list