dnssectest.dk
DNSSEC are the security extensions for the Domain Name System (DNS). In order to test a validating DNS stub-resolver or a validating recursive caching name server we have created the following DNS records that you may test with (e.g. with dig, nslookup or the host command).
DNS name | Expected result | status-flag | Description |
---|---|---|---|
sigok.dnssectest.dk | NOERROR | sigok is a subzone to dnssectest.dk where DNSSEC is correctly configured. | |
unsignedok.dnssectest.dk | NOERROR | unsignedok is a subzone to dnssectest.dk where DNSSEC is not enabled. | |
wrongds.dnssectest.dk | SERVFAIL | wrongds is a subzone to dnssectest.dk where DNSSEC is enabled but the DS pointing to the subzone contains a wrong hash. | |
oldsig.dnssectest.dk | SERVFAIL | olds is a subzone to dnssectest.dk which contains DNSSEC records but the signatures are outdated (and the SOA RR has a different serialnumber). |
This site is run by Netic. We love DNS and within this field we provide consultancy services and a network and DNS management system (TidyDNS) that seamlessly integrates with DNSSEC. Contact us for more information.