Category: Sites

Jun 13

DNSSEC Test Sites

If you have a new application or service where you want to test how DNSSEC validation works, the sites listed below are ones you can use.  If you want to test validation of the DANE protocol, please see our separate page of DANE test sites.

Note that the sites below are domain names and websites with either good or deliberately mis-configured DNSSEC signatures.  If you are looking for web sites offering tools or services where you can test the status of DNSSEC, please see our list of DNSSEC tools.

Sites With Good DNSSEC Signatures

Today there are millions of domain names out there with valid DNSSEC signatures and so you have many, many options.  Two of the domains you can use to obtain valid signatures are:

  • internetsociety.org
  • ietf.org

If you are testing web validation, the addresses are:

Sites With Bad DNSSEC Signatures

The more interesting tests to perform are with domains that are bad and will generate an error in your application or service.  The following sites have been deliberately mis-configured with bad DNSSEC signatures:

  • dnssec-failed.org   (operated by Comcast)
  • rhybar.cz        (operated by CZ.NIC)

On the web, they are:

The DNSSEC Tools site at http://www.dnssec-tools.org/ also provides a test in that if you connect to the site and do not perform DNSSEC validation you will see an image appear on the page telling you that you are connecting insecurely.

Adding More Sites

If you have a site with an interesting DNSSEC configuration you think would be useful for others to use in testing, please contact us so that we can consider adding it to this list.

Please note that our list of DANE test sites includes sites and domains that are also signed with DNSSEC.

Apr 09

Use Reddit and interested in DNSSEC? Subscribe to the ‘dnssecurity’ subreddit

reddit-dnssecurityIf you are a Reddit user interested in DNSSEC, there is now a subreddit focused on “DNS security” at:

http://www.reddit.com/r/dnssecurity/

Please do subscribe and comment – and also please feel free to contribute links to any articles or resources out there related to DNSSEC, DANE or other topics related to DNS security.

P.S. There’s also a subreddit for IPv6, too.

Apr 27

DNSsexy.net – News from the DNS blogosphere

Looking for news about DNS and DNSSEC that is happening around the Internet? If so, check out:

dnssexy.net

DNSsexy is a news aggregation site built and maintained by Jan-Piet Mens that pulls together DNS-related items from a variety of blogs and news sources. Do note that this is DNS in general… so it covers a wide range of DNS topics, not just the DNSSEC we cover here.

You can view the latest news by going to the site – or by adding the aggregated RSS feed into Google Reader or whatever feed reader you use.

I’ve found it quite a useful way to stay up on the many DNS posts happening around the Internet. Thanks to Jan-Piet Mens for setting up and maintaining the site!

Apr 13

Jima’s IPv6 TLD Hall-of-Shame

Patrick “Jima” Laughton is an advocate for IPv6 who, inspired by a conversation on Facebook, decided to do something to highlight which top-level domains (TLDs) were NOT IPv6-ready.  And thus was born the “IPv6 TLD Hall-of-Shame“, available at:

http://jima.tk/u/v6tlds

He has two lists:

  1. TLDs without IPv6 nameservers
  2. TLDs with IPv6 nameservers but no IPv6 “glue” records in the root zone

He’s been updating the list periodically and has been removing TLDs as they add IPv6 service. As World IPv6 Launch grows closer and closer, we’d like to see these lists shrink even more!

Kudos to Jima for creating and maintaining this list and we look forward to the day when he’ll have empty lists and can shut the site down.

Mar 01

BT Launches IPv6 Resource Centre

In preparation for World IPv6 Launch on June 6, BT is launching an IPv6 Resource Center. As BT’s Tim Rooney states:

I’d recommend estimating that date for you (if you ever believe it will happen) and working backwards to devise a plan to support an IPv6 Internet presence. With a plan in place, you can estimate the plan execution time (make sure you add some fudge time due to inevitable unforeseen issues) and be ready to invoke it with enough lead time to complete it by your IPv6 Density or “D-Day.”

BT’s IPv6 Resource Centre includes links to webinars, videos, whitepapers and more.

Feb 09

IPv6exchange.net Aims To Provide Q&A-Style Forum For IPv6 Discussion

Looking to post a specific IPv6 question and receive an answer? Or looking to see what kinds of questions people are asking about IPv6? If so, the folks at Network Revolution, an IPv6 consultancy based in London, have set up a web forum at ipv6exchange.net where people can ask IPv6 questions and receive answers from others in the community. They’re seeking to make it a member-driven community where people can collectively build up a knowledgebase of information related to IPv6.  While I’ve not yet set up my own free account to join the discussions, it does look like a useful resource and as we approach World IPv6 Launch on June 6 it is great to see more and more resources like this coming online!

Feb 06

US DoD DREN Provides Excellent IPv6 Knowledge Base

DOD High Performance Computing Modernization ProgramIf you are looking to learn more about IPv6 or looking for lists of products and training resources related to IPv6, the folks over at the United States Department of Defense (DOD) High Performance Computing Modernization Program maintain a comprehensive site devoted to sharing information about IPv6 based on the work of the Defense Research and Engineering Network (DREN).

Long names and acronyms aside, some of the many excellent resources to be found within the site include:

The site includes a great amount of information of value not only to US government agencies and employees, but also to anyone working with IPv6.  Kudos to the team at DREN for maintaining the site and we’re pleased to add it to the list of resources we’re promoting here on Deploy360.

Feb 02

US DoD/DREN IPv6 Knowledge Base

DOD High Performance Computing Modernization ProgramThe United States Department of Defense (DOD) High Performance Computing Modernization Program maintains a comprehensive site devoted to sharing information about IPv6 based on the work of the Defense Research and Engineering Network (DREN). The main IPv6 knowledge base can be found at:

http://www.hpcmo.hpc.mil/cms2/index.php/ipv6-knowledge-base-general-info

There are many excellent resources to be found within the site including:

All in all the site is an outstanding resource for people looking for more IPv6 information.