dns-violations / dnsflagday

DNS flag day
https://dnsflagday.net/

check using dig #34

Closed NameWeb closed 5 years ago

NameWeb commented 5 years ago

I would like to carry out a simple quick and dirty bulk-test on a large list of nameservers, only showing errors for things that will actually break after DNS flag day. And I hope that a simple test using "dig" could help me and others better understand what exactly is changing.

Since I'm only interested in knowing what will soon be a real problem and don't care about other bad configurations that will survive DNS flag day, I think I could do with comparing the answer to the following two commands:

dig SOA +edns=0 example.org @a.iana-servers.net
dig SOA +noedns example.org @a.iana-servers.net

(where a.iana-servers.net is the NS I want to test and example.org is a domain name configured in that NS)

Or is this too simplistic?

Thanks!
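The comparison proposed above, written out as a POSIX shell script. This is an added example, not code from the issue or from the dnsflagday project: it runs the two dig commands, reads the RCODE (or a timeout) out of dig's output, and reports only the case where the server answers the plain query but drops the EDNS one. The function names and the embedded sample dig lines are constructed for illustration; the script only catches that single symptom and does not replace the ednscomp tooling.

```shell
#!/bin/sh
# Added example: flag-day style comparison of an EDNS and a non-EDNS query.

# Extract the RCODE ("status: ...") from saved dig output, or print
# TIMEOUT when dig reported that no server responded, UNKNOWN otherwise.
dig_status() {
    out="$1"
    if printf '%s\n' "$out" | grep -q 'connection timed out'; then
        echo TIMEOUT
        return 0
    fi
    st=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    if [ -n "$st" ]; then echo "$st"; else echo UNKNOWN; fi
}

# Classify one server from its EDNS response ($1) and plain response ($2):
#   DEAD  - no usable answer even without EDNS (not a flag-day issue)
#   BREAK - plain DNS works but the EDNS query is dropped: this is what breaks
#   OK    - both queries return the same RCODE
#   CHECK - RCODEs differ (e.g. FORMERR only with EDNS): inspect by hand
verdict() {
    edns=$(dig_status "$1")
    plain=$(dig_status "$2")
    if [ "$plain" = TIMEOUT ] || [ "$plain" = UNKNOWN ]; then
        echo DEAD
    elif [ "$edns" = TIMEOUT ]; then
        echo BREAK
    elif [ "$edns" = "$plain" ]; then
        echo OK
    else
        echo CHECK
    fi
}

# Live check (needs network and dig): flagday_check <zone> <nameserver>
# One try with a short timeout keeps a bulk run from stalling on dead hosts.
flagday_check() {
    e=$(dig SOA +edns=0 +tries=1 +time=3 "$1" "@$2" 2>&1)
    p=$(dig SOA +noedns +tries=1 +time=3 "$1" "@$2" 2>&1)
    printf '%s %s %s\n' "$2" "$1" "$(verdict "$e" "$p")"
}

# Constructed sample dig output lines (not captured from a real server)
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345'
SAMPLE_FORMERR=';; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 12346'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Offline demonstration of the classifier on the constructed samples
verdict "$SAMPLE_TIMEOUT" "$SAMPLE_OK"      # BREAK
verdict "$SAMPLE_OK" "$SAMPLE_OK"           # OK
verdict "$SAMPLE_FORMERR" "$SAMPLE_OK"      # CHECK
```

For a bulk run over a file with one nameserver per line, something like `while read -r ns; do flagday_check example.org "$ns"; done < servers.txt` prints one verdict per server; only the BREAK lines correspond to the "answers plain DNS but not EDNS" behaviour that the flag day stops working around.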

vcunat commented 5 years ago

You can use the command-line tool that is exposed on dnsflagday.net: https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing

pspacek commented 5 years ago

There is a purpose-built tool for mass scanning: https://gitlab.labs.nic.cz/knot/edns-zone-scanner/tree/master

It does ednscomp post-processing specifically to answer the question "what will break after the DNS flag day".

vcunat commented 5 years ago

Right, I forgot this :-)

NameWeb commented 5 years ago

Thanks for the quick responses. I had indeed seen those tools. I partially also wanted to know what this would look like using "dig" in order to better understand what is changing. But I guess what's actually changing might be slightly too complicated for such a simple test using dig.

pspacek commented 5 years ago

Exactly, it is way too complicated for a bash script with dig :-)