[Opendnssec-user] Final tests
Rick Zijlker
rick.zijlker at sidn.nl
Mon Jan 18 11:18:22 UTC 2010
Hello Sven-Åke,
I am running tests as well and after signing a zone I check the following points:
- Keytags in the DNSKEY records and see if they correspond to the "ods-ksmutil key list -v" list;
- Presence of NSEC(3) records;
- Number of RRSIGs in relation to number of DS records;
- Possible changes in the SOA record according to policy;
- Logging to see if there is warnings and to see how well the signing is performing. You can see the signs/second;
- Integration with BIND 9.7 and the IXFR's BIND makes when signing a changed zone;
We are testing with a Safenet Luna SA HSM.
Cheers,
Rick Zijlker
-----Original Message-----
From: opendnssec-user-bounces at lists.opendnssec.org [mailto:opendnssec-user-bounces at lists.opendnssec.org] On Behalf Of Sven-Åke Svensson
Sent: maandag 18 januari 2010 11:56
To: opendnssec-user at lists.opendnssec.org
Subject: [Opendnssec-user] Final tests
Hi
I have set up a test environment with opendnssec and a hsm. It's running
on an internal network so it's not published. The main purpose for this
was to test if this hsm (Safenet Protect Server Gold) will be useful for
dnssec. And so far it looks good.
I'm not an expert in dns so I wonder if there are anything I should look
for in the files or any tests I can do to be sure that it works correct
and that the files are signed as they should?
Best regards
Sven-Åke
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user at lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
More information about the Opendnssec-user
mailing list