[dns-operations] google DNS doing validation?
matt at conundrum.com
Fri Jul 27 23:05:35 UTC 2018
On 26 July 2018 at 11:29, Frank Bulk <frnkblk at iname.com> wrote:
> Thank for hosting that zone and breaking it again. =)
> There's only two zones that I know that are intentionally broken (
> servfail.nl and www.dnssec-failed.org -- I'd love to have a few more),
> but they provide at least some indication that our customer-facing DNS
> resolvers are properly performing DNSsec validation.
Do you need a whole broken zone? There's test.dnssec-tools.org which has
dozens records all carefully broken in different ways, including some
subzones in order to test certain types of breakage which are zone-specific
(e.g. NSEC breakage vs. NSEC3 breakage).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations