[dns-operations] Alternatives to ldns-verify-zone

Robert Edmonds edmonds at mycre.ws
Thu Sep 22 20:30:59 UTC 2016

John Levine wrote:
> In article <57822085-036c-804b-0457-bf9eccea7412 at centralnic.com> you write:
> >Hi Everyone,
> >
> >We've been using ldns-verify-zone to check and validate our zones
> >including DNSSEC validation. It's a great tool and we've been using it
> >for years, but the latest stable release is Jan/2014.
> As far as I know, nothing about DNSSEC has changed since 2014.  Why is
> it a problem that a tool hasn't changed since then?  Maybe the Dutch
> write well debugged code.

ldns-verify-zone is a utility included with ldns, which is a general
purpose DNS/DNSSEC library.

New DNS RR types are allocated occasionally. The IANA DNS parameters
registry [0] shows five RR types that have been registered since January

Each new DNS RR type brings with it potential interoperability problems
because, in general, if another DNS software package has implemented
support for an RR type, it will begin using that mnemonic and its
presentation format immediately (e.g., when writing DNS zone files in
master file format). For instance, can the ldns-verify-zone included in
the current release of ldns verify a zone that contains an OPENPGPKEY
record in presentation format?

This means that even bug-free general purpose DNS libraries need to be
updated regularly to support new RR types—if only because a user wants
to use a new RR type.

[0] http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4

Robert Edmonds

More information about the dns-operations mailing list