[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DNSSEC Readiness
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tony Finch wrote:
> On Mon, 15 Feb 2010, Charles N Wyble wrote:
>> How are folks verifying DNSSEC readiness of their environments? Any
>> existing testing methodologies / resources that folks are using?
>
> Here's my summary of the situation (as of a couple of months ago) with
> links to a few key resources: http://fanf.livejournal.com/104774.html
>
> Tony.
Most interesting. Thanks.
- From https://www.dns-oarc.net/oarc/services/replysizetest
charles at charles-laptop:~] dig +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"8.0.23.143 sent EDNS buffer size 4096"
"8.0.23.143 DNS reply size limit is at least 3843"
"Tested at 2010-02-15 19:03:47 UTC"
charles at charles-laptop:~]
I have a local BIND server I use for DNS. It's whatever Ubuntu 9.10
installs with apt-get, and a cisco 1841 as my edge router.
I imagine that is a pretty standard setup in a lot of user sites (linux
with bind and a cisco router of some sort).
Will do further investigation.
- --
Charles N Wyble
Linux Systems Engineer
charles at knownelement.com (818)280-7059
http://www.knownelement.com
Unless agreed upon, assume everything in this e-mail might be blogged.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkt5mxQACgkQJmrRtQ6zKE99PwCgh5ikE7LRywT610jG4QkkTE4n
lyoAoMT67y/fGQHadGC6aHyRzRzQsxZi
=K8sW
-----END PGP SIGNATURE-----