[Opendnssec-develop] Re: Manually checking DNSSEC signatures

Rick van Rein (OpenFortress) rick at openfortress.nl
Thu Sep 5 16:13:48 CEST 2013


Hi,

>> we sometimes feel a desire to check the signatures by hand, 
> 
> Why checking by hand a few signatures when you can automatically check
> them all?

We had a problem where a different key was used than was claimed in DNS.  It helped us to analyse the problem that we could find out which key was behaving badly.  It's a great help with debugging and development.

In general, knowing how to do this means you have more control than what may be constrained by your software.  I thought that was enough reason to share.

-Rick


More information about the Opendnssec-develop mailing list