[Opendnssec-user] DNSSEC zone pre-deployment checks

Siôn Lloyd sion at nominet.org.uk
Fri Mar 25 11:58:35 UTC 2011


On Friday 25 Mar 2011 10:55:02 am Carsten Strotmann (Men & Mice) wrote:
> Hello OpenDNSSEC community,
> 
> in the light of the recent DNSSEC failures at some TLDs I've started to
> collect a list of checks that should be applied to a DNSSEC signed zone
> before it is deployed on a public authoritative server.
> 
> OpenDNSSEC includes the Auditor, but I couldn't find any documentation
> about the individual checks the Auditor does to a signed zone other than
> reading the source (what I then did).

Hi there.

There is a list of requirements for the auditor:

http://trac.opendnssec.org/wiki/Signer/AuditorRequirements

which is a complete list of the checks made, and how severe each case is 
considered to be.

Cheers,
Sion



More information about the Opendnssec-user mailing list