Hi Petr,

Thanks for this. This will also be very helpful in implementing the /scoped/ strict and opportunistic validation (on the roadmap for Unbound).

Would it be possible for you to provision the name servers for testiscorg.ch (ns[1-4].as207960.net.) to send along an agent domain with an EDNS0 Report-Channel option, so we can test reporting of the mismatch as well (as described in the fourth paragraph of Section 3, Upgrading NS RRset Credibility <https://www.ietf.org/archive/id/draft-ietf-dnsop-ns-revalidation-10.html#name-upgrading-ns-rrset-credibil>)?

Would it also be possible for you to provision the name servers for the test domains to send along an agent domain with an EDNS0 Report-Channel option, to also test reporting to the child domain (even though this is optional in the draft)?

I hope so,

Thanks!

-- Willem

On 28-04-2025 at 18:16, Petr Špaček wrote:
Hello dnsop.

Here's a little test bed to enable testing the running code (in Unbound) and to help evaluate the proposed protocol:

child-bogus-a.nsreval.testiscorg.ch.
child-bogus-ns.nsreval.testiscorg.ch.
child-short-ttl.nsreval.testiscorg.ch.

TXT RRs on the apex will give you more details about each zone.

Generally, parent and child zones disagree on either NS name or NS TTL. tcpdump usage is advisable to detect where queries are being sent and at what frequency.

Please e-mail me in case it does not work or something is unclear. HTH!

Attachment: OpenPGP_0xE5F8F8212F77A498_and_old_rev.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
