[dns-operations] google DNS doing validation?
frnkblk at iname.com
Sat Jul 28 04:39:48 UTC 2018
Matthew,
I don’t think those sites are all working as advertised … I took baddata-A.test.dnssec-tools.org out of my rotation over a year ago – see attached. Let me know if I’ve got it wrong.
Frank
From: Matthew Pounsett <matt at conundrum.com>
Sent: Friday, July 27, 2018 6:06 PM
To: Frank Bulk <frnkblk at iname.com>
Cc: Marco Davids (SIDN) <marco.davids at sidn.nl>; dns-operations <dns-operations at dns-oarc.net>
Subject: Re: [dns-operations] google DNS doing validation?
On 26 July 2018 at 11:29, Frank Bulk <frnkblk at iname.com> wrote:
Thanks for hosting that zone and breaking it again. =)
There's only two zones that I know that are intentionally broken (servfail.nl and www.dnssec-failed.org -- I'd love to have a few more), but they provide at least some indication that our customer-facing DNS resolvers are properly performing DNSSEC validation.
Do you need a whole broken zone? There's test.dnssec-tools.org which has dozens of records all carefully broken in different ways, including some subzones in order to test certain types of breakage which are zone-specific (e.g. NSEC breakage vs. NSEC3 breakage).
<https://www.dnssec-tools.org/testzone/>
-------------- next part --------------
An embedded message was scrubbed...
From: "Frank Bulk" <frnkblk at iname.com>
Subject: RE: DNSSEC baddata shouldn't be succeeding
Date: Fri, 28 Apr 2017 16:03:47 -0500
Size: 6984
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20180727/af56461c/attachment.mht>
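The check discussed in this thread (querying intentionally broken zones to see whether a resolver validates), as an added example that is not part of the original messages. It assumes that comparing a normal query against one with the CD (checking disabled) bit set is an acceptable way to tell a validation failure from an outage; the function names, the A record type and the resolver address passed on the command line are assumptions of the example.

```python
import secrets, socket, struct

BROKEN_NAMES = ["servfail.nl", "www.dnssec-failed.org"]  # named in the thread
SERVFAIL, CD_FLAG, AD_FLAG = 2, 0x0010, 0x0020

def build_query(name, qid, cd=False):
    """A query with RD set, optional CD bit, and an EDNS0 OPT record with DO=1."""
    header = struct.pack("!HHHHHH", qid, 0x0100 | (CD_FLAG if cd else 0), 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT RR: root owner, TYPE 41, CLASS = UDP size 1232, TTL carries the DO bit
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + qname + struct.pack("!HH", 1, 1) + opt

def parse_header(resp, qid):
    """Return (rcode, ad_bit, ancount); reject short or mismatched replies."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, bool(flags & AD_FLAG), an

def classify(plain, cd):
    """plain and cd are parse_header() results for one broken name, CD off and on."""
    if plain[0] == SERVFAIL and cd[0] == 0 and cd[2] > 0:
        return "validating"      # data exists, but is refused once validation applies
    if plain[0] == 0 and plain[2] > 0:
        return "not-validating"  # bogus data reached the client
    return "inconclusive"        # e.g. SERVFAIL both ways: outage, not proof

def check_resolver(resolver_ip, name, timeout=3.0):
    """Live check (needs network access): ask for name with CD off, then on."""
    results = []
    for cd in (False, True):
        qid = secrets.randbelow(0x10000)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((resolver_ip, 53))  # only accept replies from the resolver
            s.send(build_query(name, qid, cd))
            results.append(parse_header(s.recv(4096), qid))
    return classify(*results)

if __name__ == "__main__":
    import sys
    resolver = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for n in BROKEN_NAMES:
        print(resolver, n, check_resolver(resolver, n))
```

An "inconclusive" result for a test name is worth investigating before relying on that name in monitoring, since a SERVFAIL that persists with CD set says nothing about validation.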