[124297] in North American Network Operators' Group
Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST
daemon@ATHENA.MIT.EDU (Robert Kisteleki)
Tue Mar 30 05:38:32 2010
Date: Tue, 30 Mar 2010 11:37:49 +0200
From: Robert Kisteleki <robert@ripe.net>
To: nanog@nanog.org
In-Reply-To: <20100330092858.GC24147@macbook.catpipe.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I must observe that these are not really the links you'd want to give your
end users to check out. Their audience is very different. While the article
on RIPE Labs comes close, they don't really answer the "does it work or does
it not?" question with a green/red light, and they don't provide a good
explanation to the audience Randy is referring to.
Robert
On 2010.03.30. 11:29, Phil Regnauld wrote:
> Randy Bush (randy) writes:
>>
>> i.e. what can we do to maximize the odds that the victim will quickly
>> find the perp, as opposed to calling our our tech support lines?
>
> Ah yes, there was the second good reason for actually helping netops
> and security officers :)
>
> Tools:
>
> https://www.dns-oarc.net/oarc/services/replysizetest
>
> https://www.dnssec-deployment.org/wiki/index.php/Tools_and_Resources,
> under troubleshooting:
> http://labs.ripe.net/content/testing-your-resolver-dns-reply-size-issues
> http://secspider.cs.ucla.edu/
>
> Info sheets:
>
> http://www.afnic.fr/actu/nouvelles/240/l-afnic-invite-les-responsables-techniques-reseaux-a-se-preparer-a-la-signature-de-la-racine-dns-en-mai-2010
> (click English, top right)
>
> ... plenty of links there too.
>
> Cheers,
> Phil
>
