[Opendnssec-develop] Re: Manually checking DNSSEC signatures

Rick van Rein (OpenFortress) rick at openfortress.nl
Thu Sep 5 14:13:48 UTC 2013


>> we sometimes feel a desire to check the signatures by hand, 
> Why checking by hand a few signatures when you can automatically check
> them all?

We had a problem where a different key was used than was claimed in DNS.  It helped us to analyse the problem that we could find out which key was behaving badly.  It's a great help with debugging and development.

In general, knowing how to do this means you have more control than what may be constrained by your software.  I thought that was enough reason to share.


More information about the Opendnssec-develop mailing list