<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 26 July 2018 at 11:29, Frank Bulk <span dir="ltr"><<a href="mailto:frnkblk@iname.com" target="_blank">frnkblk@iname.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Thank for hosting that zone and breaking it again. =)<br>
<br>
There's only two zones that I know that are intentionally broken (<a href="http://servfail.nl" rel="noreferrer" target="_blank">servfail.nl</a> and <a href="http://www.dnssec-failed.org" rel="noreferrer" target="_blank">www.dnssec-failed.org</a> -- I'd love to have a few more), but they provide at least some indication that our customer-facing DNS resolvers are properly performing DNSsec validation. <br></blockquote><div><br></div><div>Do you need a whole broken zone?  There's <a href="http://test.dnssec-tools.org">test.dnssec-tools.org</a> which has dozens records all carefully broken in different ways, including some subzones in order to test certain types of breakage which are zone-specific (e.g. NSEC breakage vs. NSEC3 breakage).</div><div><br></div><div><<a href="https://www.dnssec-tools.org/testzone/">https://www.dnssec-tools.org/testzone/</a>></div><div><br></div><div><br></div></div></div></div>