|
|
Day One Thursday 26 January - Phil Regnauld (NSRC)- ValiDNSWe present `validns`, a standalone command line RFC 1034/1035 zone file validation tool that, in addition to basic syntactic and semantic zone checks, includes DNSSEC signature verification and NSEC/NSEC3 chain validation, as well a number of optional policy checks on the zone.The utility was developed with the goal of it being the last verification step in the chain of production and publication of one or more zones containing up to many thousands (or millions) of signed records, making the speed of operation a primary focus, and reflect on validns' design. The utility is currently being used by several major DNS operators. The paper discusses the problem area, use cases, provides examples of caught errors in zone files, discusses validns performance and its internal design, and talks about future development directions. download video file |
Loading the player ...
|