[dns-operations] Verifying that a recursor is performing DNSSec validation

Wessels, Duane dwessels at verisign.com
Fri Jul 24 21:42:29 UTC 2015

Its been a while since you wrote about this, but I've attempted to implement
a nagios plugin along these lines.


I believe it works the way you've described and would welcome any feedback.


> On Jul 13, 2015, at 10:08 PM, Frank Bulk <frnkblk at iname.com> wrote:
> Is there an existing tool, ideally a NAGIOS-friendly one, that performs a
> check against a resolver that it gets an AD back on DNSSec query for a zone
> that is properly signed, failure for one that is not properly signed, and
> nothing for one that isn't signed?
> http://docs.menandmice.com/display/MM/How+to+test+DNSSEC+validation
> I'd rather not re-invent the wheel if it already exists.
> Regards,
> Frank Bulk
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4676 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150724/e95b40bf/attachment.bin>

More information about the dns-operations mailing list