[dns-operations] Verifying that a recursor is performing DNSSec validation
Frank Bulk
frnkblk at iname.com
Tue Jul 21 15:16:06 UTC 2015
Robert,
Thanks, I had not seen that list before. The NAGIOS plugin I wrote is not
meant to exhaustively test a recursive resolver, like what can be done with
the dnssec-tool.orgs records.
Frank
-----Original Message-----
From: Robert Story [mailto:rstory at tislabs.com]
Sent: Tuesday, July 21, 2015 10:03 AM
To: Frank Bulk <frnkblk at iname.com>
Cc: 'Livingood, Jason' <Jason_Livingood at cable.comcast.com>;
dns-operations at dns-oarc.net
Subject: Re: [dns-operations] Verifying that a recursor is performing DNSSec
validation
On Tue, 21 Jul 2015 08:21:16 -0500 Frank wrote:
FB> Thanks. I found three on the Internet that are set up that way:
FB> sigfail.verteiltesysteme.net
FB> www.dnssec-failed.org
FB> rhybar.cz
FB> I'm using those in my script (randomly) for checking for that failure
FB> case.
The dnssec-tools test suite maintains a test zone with lots of records that
are broken in specific ways.
https://www.dnssec-tools.org/testzone/
Robert
--
Senior Software Engineer @ Parsons
More information about the dns-operations
mailing list