Skip to end of metadata
Go to start of metadata

 

dnssectest.dk

DNSSEC are the security extensions for the Domain Name System (DNS). In order to test a validating DNS stub-resolver or a validating recursive caching name server we have created the following DNS records that you may test with (e.g. with dig, nslookup or the host command).

DNS nameExpected resultstatus-flagDescription
sigok.dnssectest.dk(tick)NOERRORsigok is a subzone to dnssectest.dk where DNSSEC is correctly configured.
unsignedok.dnssectest.dk(tick)NOERRORunsignedok is a subzone to dnssectest.dk where DNSSEC is not enabled.
wrongds.dnssectest.dk(error)SERVFAILwrongds is a subzone to dnssectest.dk where DNSSEC is enabled but the DS pointing to the subzone contains a wrong hash.
oldsig.dnssectest.dk(error)SERVFAIL

olds is a subzone to dnssectest.dk which contains DNSSEC records but the signatures are outdated (and the SOA RR has a different serialnumber).

 

This site is run by Netic. We love DNS and within this field we provide consultancy services and a network and DNS management system (TidyDNS) that seamlessly integrates with DNSSEC.