On Fri, Apr 17, 2015 at 01:17:45PM +0100, Stephen Farrell wrote: > I still think I've been answered but just to clarify. The context > here has no UI at all given it's between MTAs. And the people who > wanted to experiment I believe wanted to play about with no DNSSEC > at all, rather than with local trust anchors for DNS.
As Paul says, there is a UI here: logs for sysadmins, Received headers for users and sysadmins. For testing, just prime a cache at the validating resolver. Incidentally, testing with DNS is hard. The biggest problem, of course, is hardwiring the port number, which means that automated tests can't simply spin up a server on some other port, which then means that VMs with virtualized networking are needed in order to automate tests, which then completely changes how tests run (i.e., "make check" won't do, and/or it will be slow). Of course, the fact that DNS is always on port 53 has its benefits, but an option to put NSs on a different port would sure help. Stub resolvers can help by having an option for priming a cache (including pretending that the records in the cache were signed, and the signatures validated). Nico -- _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
