DNSSEC Readiness

• Previous message (by thread): DNSSEC Readiness
• Next message (by thread): DNSSEC Readiness
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tony Finch wrote:
> On Mon, 15 Feb 2010, Charles N Wyble wrote:
>> How are folks verifying DNSSEC readiness of their environments? Any
>> existing testing methodologies / resources that folks are using?
> 
> Here's my summary of the situation (as of a couple of months ago) with
> links to a few key resources: http://fanf.livejournal.com/104774.html
> 
> Tony.

Most interesting. Thanks.

- From https://www.dns-oarc.net/oarc/services/replysizetest

charles at charles-laptop:~] dig +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"8.0.23.143 sent EDNS buffer size 4096"
"8.0.23.143 DNS reply size limit is at least 3843"
"Tested at 2010-02-15 19:03:47 UTC"
charles at charles-laptop:~]

I have a local BIND server I use for DNS. It's whatever Ubuntu 9.10
installs  with apt-get, and a cisco 1841 as my edge router.

I imagine that is a pretty standard setup in a lot of user sites (linux
with bind and a cisco router of some sort).

Will do further investigation.

- --
Charles N Wyble
Linux Systems Engineer
charles at knownelement.com (818)280-7059
http://www.knownelement.com
Unless agreed upon, assume everything in this e-mail might be blogged.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkt5mxQACgkQJmrRtQ6zKE99PwCgh5ikE7LRywT610jG4QkkTE4n
lyoAoMT67y/fGQHadGC6aHyRzRzQsxZi
=K8sW
-----END PGP SIGNATURE-----

• Previous message (by thread): DNSSEC Readiness
• Next message (by thread): DNSSEC Readiness
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]