[Dnssec-deployment] some notes on testing DNSSEC software & dynamic data

Matthew Pounsett mpounsett at ca.afilias.info
Tue Jan 4 15:23:07 EST 2011


On 2011/01/04, at 14:50, bert hubert wrote:

> While we have some suggestions for 'DNSSEC test sites', we also come with a
> little gift: random.powerdnssec.org - this is a random A record that changes
> every 5 or 10 seconds, and gets a new RRSIG each time.
> 
> This should be good for stressing out validators. The configuration that
> enables this is:
> 
> launch=random,gsqlite3
> gsqlite3-database=/home/ahu/work/pdns/trunk/pdns/pdns/powerdns.sqlite3
> gsqlite3-dnssec
> random-hostname=random.powerdnssec.org

Since a validator will just cache the record and its RRSIG, which probably limits the 'stress' one can put on it, would it be better to put a wildcard in there that gets a valid sig when it's requested?

This seems like a good set of tests.


-- 
Because it disrupts the flow of conversation.
Why is top-posting email replies discouraged?



More information about the Dnssec-deployment mailing list