[dns-operations] Verifying that a recursor is performing DNSSec validation

Frank Bulk frnkblk at iname.com
Mon Jul 20 20:13:20 UTC 2015


Does anyone have an zone that will always remain unsigned?
verteiltesysteme.net is going to make one, but if there was a second
organization that could provide a zone that will never be signed, that would
be great as a control.

Frank

-----Original Message-----
From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf
Of Frank Bulk
Sent: Friday, July 17, 2015 12:51 AM
To: dns-operations at dns-oarc.net
Subject: Re: [dns-operations] Verifying that a recursor is performing DNSSec
validation

I've completed writing the first iteration of a NAGIOS-oriented Perl script
that does the checks I've described.  It was actually more painful to get
the Net:DNS:DNSsec Perl module installed than anything else.

We'll see how this works out in our environment.

Frank

-----Original Message-----
From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf
Of Frank Bulk
Sent: Tuesday, July 14, 2015 12:08 AM
To: dns-operations at dns-oarc.net
Subject: [dns-operations] Verifying that a recursor is performing DNSSec
validation

Is there an existing tool, ideally a NAGIOS-friendly one, that performs a
check against a resolver that it gets an AD back on DNSSec query for a zone
that is properly signed, failure for one that is not properly signed, and
nothing for one that isn't signed?
http://docs.menandmice.com/display/MM/How+to+test+DNSSEC+validation

I'd rather not re-invent the wheel if it already exists.

Regards,

Frank Bulk


_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs


_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs





More information about the dns-operations mailing list