logo
Blog Archive About Projects Publications Desktop Gallery CV
Mailbox Alert DNSSEC NSEC3 RRTypes Small Stuff
Recent posts:
Don't use the X725 for your Raspberry Pi
Custom RAID NAS with Raspberry Pi
LED clock
Philips Hue rf remote control
Dodecahedron speaker
Categories:
3d printing (7)
arcade cabinet (3)
arduino (1)
backup (2)
blogofile (2)
dns (4)
mailbox alert (31)
making (6)
projects (58)
raid (2)
rants (12)
raspberry pi (1)
site (13)
ultimaker (2)
uncategorized (13)

This is a page just like the normal DNSSEC test page, only here the test tree is signed with NSEC3.

Note that this does not contain NSEC3-specific errors, the only difference is that NSEC3 is used for denial of existence.

Test Tree

I created a complete tree to test your chaser/tracer/verifier/whatever with. At the moment it goes down 4 levels from nsec3.tjeb.nl.

The address of the server is the same as this webserver.

Every zone has 6 delegations:

  • ok

these are signed correctly.

  • nods

A zone, but without the DS RR for the child zone

  • bogussig

the RRSIGs of zones starting with this name contain bad signature data.

  • sigexpired

the RRSIGs of zones starting with this name have an expiration date in the past.

  • signotincepted

the RRSIGs of zones starting with this name have an inception date in the future.

  • unknownalgorithm

the RRSIGS of zones starting with this name are signed correctly (with a known algorithm), but have the algorithm field set to another value.

The result is that you can test your programs with a range of domains, for example:

  • ok.ok.ok.nsec3.tjeb.nl
  • ok.ok.nods.ok.nsec3.tjeb.nl
  • ok.bogussig.ok.nsec3.tjeb.nl
  • ok.ok.ok.nsec3.tjeb.nl
  • ok.bogussig.ok.ok.nsec3.tjeb.nl
  • ok.unknownalgorithm.ok.sigexpired.ok.nsec3.tjeb.nl
  • signotincepted.bogussig.sigexpired.bogussig.nsec3.tjeb.nl
  • bogussig.nsec3.tjeb.nl
  • sigexpired.nsec3.tjeb.nl
  • signotincepted.nsec3.tjeb.nl
  • unknownalgorithm.nsec3.tjeb.nl

Powered by Blogofile.

RSS feeds for Entries