Re: [dnsext] Deliberately bad DNSSEC for testing ?

Matthäus Wander <matthaeus.wander@uni-due.de> Mon, 01 July 2013 08:33 UTC


* John Levine [2013-07-01 04:13]:
> Does anyone publish DNS records with deliberately broken DNSSEC so we
> can test that our DNSSEC-aware clients don't resolve them?

A records with broken DNSSEC:
dnssec-failed.org.
sigfail.verteiltesysteme.net.

Broken signatures over SOA but (currently?) without A record:
servfail.nl.
rhybar.cz.

Excellent reference with a lot more examples:
http://dnssec-tools.org/testzone/index.html

Test websites which show the result to the user:
http://www.dnssec-or-not.net/
http://dnssectest.sidn.nl/
https://labs.nic.cz/page/960/
http://dnssec.vs.uni-due.de/

I copied some links shamelessly from this list:
http://dnssec-deployment.org/pipermail/dnssec-deployment/2013-June/006623.html

Regards,
Matt

-- 
Universität Duisburg-Essen
Verteilte Systeme
Bismarckstr. 90 / BC 316
47057 Duisburg
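
Added example (not part of the original message): one way to use the A-record test names above to check whether a resolver validates, by comparing its reply to a normal query with its reply to the same query sent with the CD (Checking Disabled) bit set. The function names and the sample replies are constructed for illustration; the live `ask()` helper is not exercised here.

```python
import socket
import struct

# Header flag bits (RFC 1035, RFC 4035) and the SERVFAIL response code
QR, RD, RA, AD, CD = 0x8000, 0x0100, 0x0080, 0x0020, 0x0010
SERVFAIL = 2

def build_query(name, qid=0x1234, cd=False):
    """A/IN query with an EDNS0 OPT record carrying DO=1; cd=True sets Checking Disabled."""
    header = struct.pack("!HHHHHH", qid, RD | (CD if cd else 0), 1, 0, 0, 1)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL = flags (DO is 0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x8000, 0)
    return header + qname + struct.pack("!HH", 1, 1) + opt

def parse_header(reply):
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    return {"rcode": flags & 0x000F, "ad": bool(flags & AD), "answers": ancount}

def classify(plain_reply, cd_reply):
    """Judge a resolver from its two replies for a name whose DNSSEC is broken."""
    plain, cd = parse_header(plain_reply), parse_header(cd_reply)
    if plain["rcode"] == SERVFAIL and cd["rcode"] == 0 and cd["answers"] > 0:
        return "validating"        # bogus data withheld, but reachable with CD=1
    if plain["rcode"] == 0 and plain["answers"] > 0:
        return "not validating"    # bogus A record was handed to the client
    return "inconclusive"          # e.g. SERVFAIL both ways: zone unreachable

def ask(server, msg, timeout=3.0):
    """Send one UDP query to a resolver (only needed for a live run)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, 53))
        return s.recvfrom(4096)[0]

def sample_reply(rcode, ancount, ad=False):
    """Constructed 12-byte reply header standing in for a real resolver answer."""
    flags = QR | RD | RA | (AD if ad else 0) | rcode
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    print(classify(sample_reply(SERVFAIL, 0), sample_reply(0, 1)))   # validating
    print(classify(sample_reply(0, 1), sample_reply(0, 1)))          # not validating
```

For a live check, pass `ask(resolver, build_query(name))` and `ask(resolver, build_query(name, cd=True))` to `classify()`, using one of the names listed above that has an A record.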