[dns-operations] Alternatives to ldns-verify-zone

Casper Gielen cgielen+dnsoarc at uvt.nl
Tue Sep 27 09:58:50 UTC 2016

Op 22-09-16 om 21:36 schreef John Levine:
> In article <57822085-036c-804b-0457-bf9eccea7412 at centralnic.com> you write:
>> Hi Everyone,
>> We've been using ldns-verify-zone to check and validate our zones
>> including DNSSEC validation. It's a great tool and we've been using it
>> for years, but the latest stable release is Jan/2014.
> As far as I know, nothing about DNSSEC has changed since 2014.  Why is
> it a problem that a tool hasn't changed since then?  Maybe the Dutch
> write well debugged code.

That is assuming this tool was complete to begin with.
From the top of my head the last released version does not support all
algorithms that are used by DNSSEC nor does it support the INCLUDE
Both issues have been fixed by the author but were never released in a
stable version. The version from GIT works fine for me though.

Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160927/40ca1618/attachment.sig>

More information about the dns-operations mailing list