[GTALUG] Checking for DNSSEC

[Gordon Chillcott]

I got asked, off-line, by a couple of people if ICANN had any tools for
testing for DNSSEC.  There are so I went in, dug them out and tried
them.

The question, by the way, was prompted by the news that the DNSSEC Key
Signing Key rollover will take place on or about October 11 – this has
been delayed twice.

Now.  To get to the DNSSEC tests, you can go to:

https://www.icann.org/resources/pages//tools-2012-02-25-en

This will bring up a list of four tests:
- a DNS Visualization test
- a “DNS Check”
- a DNSSEC Analyzer
- an SIDN DNSSEC Test

All but the last take a domain as an argument (entered in a text window
on the page).   The last one performs the test to where you're
connected.

I recommend you try each one to see which is right for you.   Read the
results carefully, though.   The “DNS Check”  Seems to think it's OK if
DNSSEC is not there for the zone, as long as everything else is fine.

The last one gives you a link to a more comprehensive test at:

http://en.conn.internet.nl/connection/

That test covers things like IPV6 connectivity as well as DNSSEC.

Cheers,

Gordon