Testovaci nastroje DNSSEC?

Pátek Listopad 12 23:14:24 CET 2010

	Porad zapasim s DNSSECem - jaky na to mate testovaci nastroj?
Ja jsem ted zkousel drill(1) z baliku ldns, ale pokazde mi to vraci
neco jineho:

$ cat > /tmp/root.key
. DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
$ drill -TD -k /tmp/root.key www.muni.cz a @127.0.0.1

a vysledek ma tri ruzne konce - kdyz drill spoustim opakovane, tak se
"nahodne" stridaji:

[T] www.muni.cz.	21600	IN	A	147.251.5.231
[U] www.muni.cz.	21600	IN	A	147.251.5.231
[B] www.muni.cz.	21600	IN	A	147.251.5.231

Tak ani nevim, jestli je www.muni.cz podepsano korektne.

Dale jsem objevil on-line nastroj http://dnssec.resare.com/, ale
treba na www.rhybar.cz se tvari, ze ma korektni A zaznam. Tak nevim.
Co pouzivate vy?

-Y.

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list.     --Alan Cox