[Dnssec-deployment] some notes on testing DNSSEC software & dynamic data
Matthew Pounsett
mpounsett at ca.afilias.info
Tue Jan 4 15:23:07 EST 2011
On 2011/01/04, at 14:50, bert hubert wrote:
> While we have some suggestions for 'DNSSEC test sites', we also come with a
> little gift: random.powerdnssec.org - this is a random A record that changes
> every 5 or 10 seconds, and gets a new RRSIG each time.
>
> This should be good for stressing out validators. The configuration that
> enables this is:
>
> launch=random,gsqlite3
> gsqlite3-database=/home/ahu/work/pdns/trunk/pdns/pdns/powerdns.sqlite3
> gsqlite3-dnssec
> random-hostname=random.powerdnssec.org
Since a validator will just cache the record and its RRSIG, which probably limits the 'stress' one can put on it, would it be better to put a wildcard in there that gets a valid sig when it's requested?
This seems like a good set of tests.
--
Because it disrupts the flow of conversation.
Why is top-posting email replies discouraged?
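The caching argument in the reply above, as an added example that is not part of the original message: a toy model of a validating resolver's cache, comparing repeated queries for random.powerdnssec.org with queries for unique names under a signed wildcard. The 5-second TTL, the query rate, the zone name `wildcard.example` and the count of one RRSIG verification per cache miss are assumptions, and the model assumes no aggressive NSEC caching (RFC 8198).

```python
class ValidatingCache:
    """Toy model of a validating resolver cache, one entry per (qname, qtype)."""

    def __init__(self):
        self.expiry = {}       # (qname, qtype) -> time the cached RRset expires
        self.validations = 0   # RRSIG verifications (assumed: one per cache miss)
        self.hits = 0          # answers served from cache, no crypto work

    def query(self, qname, now, ttl):
        key = (qname.lower(), "A")
        if self.expiry.get(key, -1.0) > now:
            self.hits += 1     # record and its RRSIG are still cached
            return "hit"
        # Miss: fetch from the authoritative server and verify the RRSIG.
        self.validations += 1
        self.expiry[key] = now + ttl
        return "miss"


def run_fixed_name(qps, seconds, ttl):
    """All queries ask for the one name whose A record and RRSIG keep changing."""
    cache = ValidatingCache()
    for i in range(qps * seconds):
        cache.query("random.powerdnssec.org", now=i / qps, ttl=ttl)
    return cache


def run_wildcard(qps, seconds, ttl, zone="wildcard.example"):
    """Each query uses a fresh label matched by a signed wildcard (hypothetical zone)."""
    cache = ValidatingCache()
    for i in range(qps * seconds):
        cache.query(f"t{i}.{zone}", now=i / qps, ttl=ttl)
    return cache


if __name__ == "__main__":
    # Assumed load: 100 queries/s for 60 s, TTL of 5 s (the TTL is not stated in the thread).
    fixed = run_fixed_name(qps=100, seconds=60, ttl=5)
    wild = run_wildcard(qps=100, seconds=60, ttl=5)
    print("fixed name:", fixed.validations, "validations,", fixed.hits, "cache hits")
    print("wildcard:  ", wild.validations, "validations,", wild.hits, "cache hits")
```

With the fixed name, validation work is bounded by the TTL regardless of query rate; with unique wildcard-matched names, it scales with the query rate.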