The Treehouse Blog

DNSSEC at home

on Jul.17, 2010, under Happenings, Networking

Since the root zone was signed this week, I spent a bit of time today setting up DNSSEC validation on my home recursive server.  It was relatively painless (so far).  I did opt to not enable DLV though – not fond of it receiving every host name I resolve.

Resources:

One resource I would have liked to find and could not was a deliberately unvalidatable non-root zone/record that could be used to see a validation failure.  If anyone knows of or finds such a thing, please pass it along.  Now we get to wait for .com, .net, etc, to catch up to .bg and .uk in the publishing of DS glue for deeper validation.

UPDATE 7/22/10:  Just found the following site which makes available bad records for testing purposes: http://dnssec-tools.org/testzone/index.html

:, , , ,

Comments are closed.

July 2010
S M T W T F S
« Jun   Aug »
 123
45678910
11121314151617
18192021222324
25262728293031

Archives

Content Copyright © 2004 - 2019 Brady Alleman. All Rights Reserved.

As an Amazon Associate I earn from qualifying purchases.