[Opendnssec-user] DNSSEC zone pre-deployment checks
Siôn Lloyd
sion at nominet.org.uk
Fri Mar 25 11:58:35 UTC 2011
On Friday 25 Mar 2011 10:55:02 am Carsten Strotmann (Men & Mice) wrote:
> Hello OpenDNSSEC community,
>
> in the light of the recent DNSSEC failures at some TLDs I've started to
> collect a list of checks that should be applied to a DNSSEC signed zone
> before it is deployed on a public authoritative server.
>
> OpenDNSSEC includes the Auditor, but I couldn't find any documentation
> about the individual checks the Auditor does to a signed zone other than
> reading the source (what I then did).
Hi there.
There is a list of requirements for the auditor:
http://trac.opendnssec.org/wiki/Signer/AuditorRequirements
which is a complete list of the checks made, and how severe each case is
considered to be.
Cheers,
Sion
More information about the Opendnssec-user
mailing list