Hi Michael, Michael Richardson wrote: > That's really slick. > > I guess it uses whatever resolver is in /etc/resolv.conf of my browser, > which for me is bind9 on localhost. Does your system report back > automatically, or am I supposed to upload results somehow?
The system does not report back any results, we wanted to make the page as simple as possible. We are working on a variant that will allow people willing to contribute to our project with measurements to submit results. This will likely be a simple script that can be run as a cron job. > Are you doing any of the DNS server identification stuff? > (RFC4892, etc.) No, not in this measurement. AFAIK, that's also kinda hard to do from a browser ;-). We're loading hidden 1x1 images from URLs that are secure and bogus DNSSEC-signed. If the bogus image loads, the resolver is obviously not validating, if neither the secure nor the bogus image loads, the resolver is failing to validate. Try it for 8.8.8.8, Google gives back SERVFAILs on domains signed with RSA/MD5... > I notice that I got a lot of X initially, but slowly they all turned green > (except for the EdDSA stuff, which I guess I don't support yet) Latency may be a bit of an issue there, we've worked out with some help from Hugo Salgado that we may need to raise some of the timeouts. > Should I be telling my friends to visit the page? Yes please ;-) Cheers, Roland -- -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet -- e: [email protected]
