[Opendnssec-develop] Re: Manually checking DNSSEC signatures
Rick van Rein (OpenFortress)
rick at openfortress.nl
Thu Sep 5 14:13:48 UTC 2013
>> we sometimes feel a desire to check the signatures by hand,
> Why checking by hand a few signatures when you can automatically check
> them all?
We had a problem where a different key was used than was claimed in DNS. It helped us to analyse the problem that we could find out which key was behaving badly. It's a great help with debugging and development.
In general, knowing how to do this means you have more control than what may be constrained by your software. I thought that was enough reason to share.
More information about the Opendnssec-develop