Re: [dnsext] Deliberately bad DNSSEC for testing ?
Richard Lamb <slamb@xtcn.com> Mon, 01 July 2013 13:55 UTC
Return-Path: <naticklamb@gmail.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A796211E8111 for <dnsext@ietfa.amsl.com>; Mon, 1 Jul 2013 06:55:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.077
X-Spam-Level:
X-Spam-Status: No, score=-1.077 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_62=0.6, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2qedMnaWKLJS for <dnsext@ietfa.amsl.com>; Mon, 1 Jul 2013 06:55:03 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id 906B011E8129 for <dnsext@ietf.org>; Mon, 1 Jul 2013 06:55:02 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id fq12so4430134lab.10 for <dnsext@ietf.org>; Mon, 01 Jul 2013 06:55:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=eG61ERiUfpkuQgYhbdWrIjHDYVAIMtsulJK02plTncQ=; b=B5EZQQTtl4XtXd3oxiB5aphbPCF8OM5Ud/iVSHM1RunmHbEYw0nUIASR38BQw9UOw9 H3bIhcQ45f3mynwuJZ8NkT2PoxFzXjUmiNg2lRAz/2gn3E247S2+ab4UEa8Z7qvMZQyB h34WXcM4DaznHvDnCPti7EGo7egje53ONxYP5d0XHzd9dLs6mqXydA+sabTOyehdgMnt jPIiwCuph3n0r1vm9XsnBnBXFugPTTy9nWoSOWTVFrcwOjAP1pCP01bV1scIn1j5abGQ eoRTp4rqLWPLCVG4FwL2k9PlcPNrzckxbRm6HMDITrz69A1vT08cAZFBvpqSTw0gFiSl 9+gA==
MIME-Version: 1.0
X-Received: by 10.152.170.162 with SMTP id an2mr12097036lac.3.1372686900938; Mon, 01 Jul 2013 06:55:00 -0700 (PDT)
Sender: naticklamb@gmail.com
Received: by 10.112.51.200 with HTTP; Mon, 1 Jul 2013 06:55:00 -0700 (PDT)
In-Reply-To: <51D13D5A.7020907@uni-due.de>
References: <20130701021307.72271.qmail@joyce.lan> <51D13D5A.7020907@uni-due.de>
Date: Mon, 01 Jul 2013 06:55:00 -0700
X-Google-Sender-Auth: zMSDYuUu5LTFiVrKpJ3f4iqBSSc
Message-ID: <CALXbJH-L97OaGYvYhGXCGy0jMhcj+Ksx27ZiRxZopERe6X=+Sg@mail.gmail.com>
From: Richard Lamb <slamb@xtcn.com>
To: Matthäus Wander <matthaeus.wander@uni-due.de>
Content-Type: multipart/alternative; boundary="089e011615e41e4ca904e073935f"
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Deliberately bad DNSSEC for testing ?
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jul 2013 13:55:04 -0000
badsig.zx.com is another that I have run. Its parent zx.com has a deliberately bad DS record in it. On Mon, Jul 1, 2013 at 1:27 AM, Matthäus Wander <matthaeus.wander@uni-due.de > wrote: > * John Levine [2013-07-01 04:13]: > > Does anyone publish DNS records with deliberately broken DNSSEC so we > > can test that our DNSSEC-aware clients don't resolve them? > > A records with broken DNSSEC: > dnssec-failed.org. > sigfail.verteiltesysteme.net. > > Broken signatures over SOA but (currently?) without A record: > servfail.nl. > rhybar.cz. > > Excellent reference with a lot of more examples: > http://dnssec-tools.org/testzone/index.html > > Test websites which show result to the user: > http://www.dnssec-or-not.net/ > http://dnssectest.sidn.nl/ > https://labs.nic.cz/page/960/ > http://dnssec.vs.uni-due.de/ > > I copied some links shamelessly from this list: > > http://dnssec-deployment.org/pipermail/dnssec-deployment/2013-June/006623.html > > Regards, > Matt > > -- > Universität Duisburg-Essen > Verteilte Systeme > Bismarckstr. 90 / BC 316 > 47057 Duisburg > > > _______________________________________________ > dnsext mailing list > dnsext@ietf.org > https://www.ietf.org/mailman/listinfo/dnsext > >
- Re: [dnsext] Deliberately bad DNSSEC for testing ? Matthäus Wander
- Re: [dnsext] Deliberately bad DNSSEC for testing ? Richard Lamb
- [dnsext] Deliberately bad DNSSEC for testing ? John Levine