I found this tool quite good to report the most common DNSSEC issues. It looks at SOA, A, AAAA, and MX records of a zone and is visually nearly intuitive.
http://dnsviz.net/d/dns-oarc.net/dnssec/ The type of errors I see are like: http://dnsviz.net/d/eucom.mil/dnssec/ Where an important record is not signed Or like: http://dnsviz.net/d/au/dnssec/ Where the delegation is not set (DS). For dot au, it is on purpose so testing can occur before going live by the end of this month: http://www.auda.org.au/industry-information/au-domains/dnssec/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
