[dns-operations] Verifying that a recursor is performing DNSSec validation

Frank Bulk frnkblk at iname.com
Tue Jul 21 15:16:06 UTC 2015


Thanks, I had not seen that list before.  The NAGIOS plugin I wrote is not
meant to exhaustively test a recursive resolver, like what can be done with
the dnssec-tool.orgs records.  


-----Original Message-----
From: Robert Story [mailto:rstory at tislabs.com] 
Sent: Tuesday, July 21, 2015 10:03 AM
To: Frank Bulk <frnkblk at iname.com>
Cc: 'Livingood, Jason' <Jason_Livingood at cable.comcast.com>;
dns-operations at dns-oarc.net
Subject: Re: [dns-operations] Verifying that a recursor is performing DNSSec

On Tue, 21 Jul 2015 08:21:16 -0500 Frank wrote:
FB> Thanks.  I found three on the Internet that are set up that way:
FB>  sigfail.verteiltesysteme.net
FB>  www.dnssec-failed.org
FB>  rhybar.cz
FB> I'm using those in my script (randomly) for checking for that failure
FB> case.

The dnssec-tools test suite maintains a test zone with lots of records that
are broken in specific ways.



Senior Software Engineer @ Parsons

More information about the dns-operations mailing list