[dns-operations] Verifying that a recursor is performing DNSSec validation
Livingood, Jason
Jason_Livingood at cable.comcast.com
Tue Jul 21 08:33:03 UTC 2015
And for one that is always deliberately broken, for testing:
www.dnssec-failed.org
On 7/20/15, 10:13 PM, "Frank Bulk" <frnkblk at iname.com> wrote:
>Does anyone have an zone that will always remain unsigned?
>verteiltesysteme.net is going to make one, but if there was a second
>organization that could provide a zone that will never be signed, that
>would
>be great as a control.
>
>Frank
>
>-----Original Message-----
>From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On
>Behalf
>Of Frank Bulk
>Sent: Friday, July 17, 2015 12:51 AM
>To: dns-operations at dns-oarc.net
>Subject: Re: [dns-operations] Verifying that a recursor is performing
>DNSSec
>validation
>
>I've completed writing the first iteration of a NAGIOS-oriented Perl
>script
>that does the checks I've described. It was actually more painful to get
>the Net:DNS:DNSsec Perl module installed than anything else.
>
>We'll see how this works out in our environment.
>
>Frank
>
>-----Original Message-----
>From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On
>Behalf
>Of Frank Bulk
>Sent: Tuesday, July 14, 2015 12:08 AM
>To: dns-operations at dns-oarc.net
>Subject: [dns-operations] Verifying that a recursor is performing DNSSec
>validation
>
>Is there an existing tool, ideally a NAGIOS-friendly one, that performs a
>check against a resolver that it gets an AD back on DNSSec query for a
>zone
>that is properly signed, failure for one that is not properly signed, and
>nothing for one that isn't signed?
>http://docs.menandmice.com/display/MM/How+to+test+DNSSEC+validation
>
>I'd rather not re-invent the wheel if it already exists.
>
>Regards,
>
>Frank Bulk
>
>
>_______________________________________________
>dns-operations mailing list
>dns-operations at lists.dns-oarc.net
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-jobs mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
>
>_______________________________________________
>dns-operations mailing list
>dns-operations at lists.dns-oarc.net
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-jobs mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
>
>_______________________________________________
>dns-operations mailing list
>dns-operations at lists.dns-oarc.net
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-jobs mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
More information about the dns-operations
mailing list