-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tony Finch wrote:
On Mon, 15 Feb 2010, Charles N Wyble wrote:
How are folks verifying DNSSEC readiness of their environments? Any existing testing methodologies / resources that folks are using?
Here's my summary of the situation (as of a couple of months ago) with links to a few key resources: http://fanf.livejournal.com/104774.html
Tony.
Most interesting. Thanks. - From https://www.dns-oarc.net/oarc/services/replysizetest charles@charles-laptop:~] dig +short rs.dns-oarc.net txt rst.x3827.rs.dns-oarc.net. rst.x3837.x3827.rs.dns-oarc.net. rst.x3843.x3837.x3827.rs.dns-oarc.net. "8.0.23.143 sent EDNS buffer size 4096" "8.0.23.143 DNS reply size limit is at least 3843" "Tested at 2010-02-15 19:03:47 UTC" charles@charles-laptop:~] I have a local BIND server I use for DNS. It's whatever Ubuntu 9.10 installs with apt-get, and a cisco 1841 as my edge router. I imagine that is a pretty standard setup in a lot of user sites (linux with bind and a cisco router of some sort). Will do further investigation. - -- Charles N Wyble Linux Systems Engineer charles@knownelement.com (818)280-7059 http://www.knownelement.com Unless agreed upon, assume everything in this e-mail might be blogged. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkt5mxQACgkQJmrRtQ6zKE99PwCgh5ikE7LRywT610jG4QkkTE4n lyoAoMT67y/fGQHadGC6aHyRzRzQsxZi =K8sW -----END PGP SIGNATURE-----