[dns-operations] Explaining DNSSEC issues

Franck Martin fmartin at linkedin.com
Tue Oct 14 06:39:02 UTC 2014


I found this tool quite good to report the most common DNSSEC issues. It looks at SOA, A, AAAA, and MX records of a zone and is visually nearly intuitive.

http://dnsviz.net/d/dns-oarc.net/dnssec/

The type of errors I see are like:
http://dnsviz.net/d/eucom.mil/dnssec/

Where an important record is not signed

Or like:
http://dnsviz.net/d/au/dnssec/

Where the delegation is not set (DS). For dot au, it is on purpose so testing can occur before going live by the end of this month: http://www.auda.org.au/industry-information/au-domains/dnssec/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141014/91c5f9df/attachment.sig>


More information about the dns-operations mailing list