[dns-operations] google DNS doing validation?

Matthew Pounsett matt at conundrum.com
Fri Jul 27 23:05:35 UTC 2018

On 26 July 2018 at 11:29, Frank Bulk <frnkblk at iname.com> wrote:

> Thank for hosting that zone and breaking it again. =)
> There's only two zones that I know that are intentionally broken (
> servfail.nl and www.dnssec-failed.org -- I'd love to have a few more),
> but they provide at least some indication that our customer-facing DNS
> resolvers are properly performing DNSsec validation.

Do you need a whole broken zone?  There's test.dnssec-tools.org which has
dozens records all carefully broken in different ways, including some
subzones in order to test certain types of breakage which are zone-specific
(e.g. NSEC breakage vs. NSEC3 breakage).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20180727/939562de/attachment.html>

More information about the dns-operations mailing list