dnssectest.dk
DNSSEC are the security extensions for the Domain Name System (DNS). In order to test a validating DNS stub-resolver or a validating recursive caching name server we have created the following DNS records that you may test with (e.g. with dig, nslookup or the host command).
| DNS name | Expected result | status-flag | Description |
|---|---|---|---|
| sigok.dnssectest.dk |  | NOERROR | sigok is a subzone to dnssectest.dk where DNSSEC is correctly configured. |
| unsignedok.dnssectest.dk | | NOERROR | unsignedok is a subzone to dnssectest.dk where DNSSEC is not enabled. |
| wrongds.dnssectest.dk |  | SERVFAIL | wrongds is a subzone to dnssectest.dk where DNSSEC is enabled but the DS pointing to the subzone contains a wrong hash. |
| oldsig.dnssectest.dk | | SERVFAIL | olds is a subzone to dnssectest.dk which contains DNSSEC records but the signatures are outdated (and the SOA RR has a different serialnumber). |
This site is run by Netic. We love DNS and within this field we provide consultancy services and a network and DNS management system (TidyDNS) that seamlessly integrates with DNSSEC. Contact us for more information.