Re: DNSSEC DSSET & KEYSET

Paul Wouters Thu, 28 Jan 2010 10:20:45 -0800

On Thu, 28 Jan 2010, prock...@yahoo.com wrote:

So my question is, is there a way through DIG (or some other utility) to 
confirm that the parent domain has the DSSET and KEYSET records required to 
support the child domain?


http://opensource.iis.se/trac/dnscheck/

$ dnscheck -test=dnssec xelerance.org.
  0.000: INFO Begin testing DNSSEC for xelerance.org..
 19.914: INFO Found DS record for xelerance.org. at parent.
 25.983: INFO Nameserver 193.110.157.135 does DNSSEC extra processing.
 26.256: INFO Nameserver 209.237.247.134 does DNSSEC extra processing.
 26.256: INFO Servers for xelerance.org. have consistent extra processing 
status.
 26.256: INFO Found DNSKEY record for xelerance.org. at child.
 26.256: INFO Consistent security for xelerance.org..
 26.256: INFO Checking DNSSEC at child (xelerance.org.).
 26.256: INFO DNSKEY xelerance.org. (tag 10146) is marked as a secure entry 
point (SEP).
 26.257: INFO At least one mandatory algorithm found for DNSKEY xelerance.org..
 26.257: WARNING DNSSEC signature expired: RRSIG(xelerance.org/IN/DNSKEY/10146)
 26.257: INFO DNSSEC signature expires at: Fri Feb  5 12:54:58 2010
 26.278: INFO DNSSEC signature RRSIG(xelerance.org/IN/DNSKEY/49550) matches 
records.
 26.278: INFO DNSSEC signature valid: RRSIG(xelerance.org/IN/DNSKEY/49550)
 26.278: INFO Enough valid signatures found for xelerance.org..
 31.598: INFO DNSSEC signature expires at: Sun Feb  7 12:53:42 2010
 31.598: INFO DNSSEC signature RRSIG(xelerance.org/IN/SOA/49550) matches 
records.
 31.598: INFO DNSSEC signature valid: RRSIG(xelerance.org/IN/SOA/49550)
 31.598: INFO Enough valid signatures over SOA RRset found for xelerance.org..
 31.598: INFO DNSSEC child checks for xelerance.org. complete.
 31.599: INFO Checking DNSSEC at parent of xelerance.org..
 31.599: INFO Parent DS(xelerance.org.) refers to valid key at child: 
DS(xelerance.org./5/1/10146)
 31.599: INFO Parent DS(xelerance.org.) refers to secure entry point (SEP) at 
child: DS(xelerance.org./5/1/10146)
 31.599: INFO At least one mandatory DS algorithm found for xelerance.org..
 31.599: INFO DNSSEC parent checks for xelerance.org. complete.
 31.599: INFO Done testing DNSSEC for xelerance.org..


Paul
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNSSEC DSSET & KEYSET

Reply via email to