[dns-operations] Verifying that a recursor is performing DNSSec validation
Mark Andrews
marka at isc.org
Tue Jul 21 03:51:14 UTC 2015
10.in-addr.arpa
In message <002001d0c328$85e85b50$91b911f0$@iname.com>, "Frank Bulk" writes:
> Does anyone have an zone that will always remain unsigned?
> verteiltesysteme.net is going to make one, but if there was a second
> organization that could provide a zone that will never be signed, that would
> be great as a control.
>
> Frank
>
> -----Original Message-----
> From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf
> Of Frank Bulk
> Sent: Friday, July 17, 2015 12:51 AM
> To: dns-operations at dns-oarc.net
> Subject: Re: [dns-operations] Verifying that a recursor is performing DNSSec
> validation
>
> I've completed writing the first iteration of a NAGIOS-oriented Perl script
> that does the checks I've described. It was actually more painful to get
> the Net:DNS:DNSsec Perl module installed than anything else.
>
> We'll see how this works out in our environment.
>
> Frank
>
> -----Original Message-----
> From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf
> Of Frank Bulk
> Sent: Tuesday, July 14, 2015 12:08 AM
> To: dns-operations at dns-oarc.net
> Subject: [dns-operations] Verifying that a recursor is performing DNSSec
> validation
>
> Is there an existing tool, ideally a NAGIOS-friendly one, that performs a
> check against a resolver that it gets an AD back on DNSSec query for a zone
> that is properly signed, failure for one that is not properly signed, and
> nothing for one that isn't signed?
> http://docs.menandmice.com/display/MM/How+to+test+DNSSEC+validation
>
> I'd rather not re-invent the wheel if it already exists.
>
> Regards,
>
> Frank Bulk
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list