-
Some tests only make sense with DNSSEC zones; implementing a check for that to skip DNSSEC tests.
chani updated
5 years ago
-
With a new release coming up, a feature request:
would it be possible to add DNSSEC validation to the Netaidkit?
The folks at SIDN Labs have done so with a technically very similar setup:
http…
-
Test DNSSEC chain for SHA1 usage for DS and DNSKEY.
Also test for 512-bit RSA KSK/ZSK. Also see: https://twitter.com/VDukhovni/status/978077604711411713
-
A DNSSEC verification by default would be a nice thing to have.
Also some DNSCrypt servers (see https://github.com/QubesOS/qubes-issues/issues/2341) offer DNSSEC. Of course, however, if you trust the…
-
**Describe the bug**
`mailu-postfix` sporadically reports:
```
Jul 31 19:31:49 mail postfix/smtp[8523]: warning: DNSSEC validation may be unavailable
Jul 31 19:31:49 mail postfix/smtp[8523]: war…
-
It seems that c-ares supports DNSSEC for example it seems they support DNSKEY queries:
https://github.com/c-ares/c-ares/blob/7ebedab25dab50b2f008fbef8601c223096bb780/test/dns-proto.cc#L132
However…
-
The following record types are not parsed:
- DS
- NSEC
- DNSKEY
- RRSIG
These are part of the DNSSec infrastructure which is being rolled out currently. For an example, see the root zone file: …
-
test@test-VirtualBox ~ $ dig +sigchase +trusted-key=./root.keys www.asio.gov.au. A |grep validation
;; RRSIG is missing for continue validation: FAILED
test@test-VirtualBox ~ $ dig +sigchase +trusted…
-
Would be nice to be able to check for DNSSEC and TLSA record suport.
See Swede for a tool that can do TLSA checking, however it dosen't do starttls:
https://github.com/pieterlexis/swede/
-
### Steps to reproduce:
Setup CNS as hidden master
Setup DNS servers (BIND ISC) ns1.example.com (BIND master) & ns2.example.com (BIND slave) for example.com zone in combination with CNS as hidden …