[dns-operations] New DNS testing tool: Check My DNS (in development)

Jerry Lundström jerry at dns-oarc.net
Tue Oct 11 06:09:12 UTC 2016


Hi Viktor,

On 10/10/16 07:54, Viktor Dukhovni wrote:
> Don't know what you intend to do with DANE/TLSA.  My suggestion is:

Thanks for your suggestions!

They are surely something to follow up on if we would extend the tool to
do testing like that but right now all tests are activated by the
clients web browser, through their resolver, against our DNS server.

What I was thinking about DANE/TLSA might seem very simple; Do you query
for the TLSA record if I open an HTTPS link for you?

This could detect problems along the way, defected resolvers etc.

In the long run I'd hope to be able to check if the client browser
validates also but I have not had time to check if that is possible.

Cheers,
Jerry



More information about the dns-operations mailing list