IPv6-Labor

Zuletzt angesehen: • dnssec

sec:dnssec

Inhaltsverzeichnis

Testing
- Domain:
- Resolver:
Betrieb:
Troubleshooting

DNSSEC

https://dnsinstitute.com/documentation/dnssec-guide/dnssec-guide.html
https://www.cloudflare.com/de-de/dns/dnssec/how-dnssec-works/
Overview of DNSSEC
https://metebalci.com/blog/a-short-practical-tutorial-of-dig-dns-and-dnssec/
https://www.denic.de/wissen/dnssec

dig example.com. +multiline +dnssec # get A and RESIG Record for domain
dig @1.1.1.1 example.com. +multiline +dnssec +trace # trace funktioniert nicht mehr mit 8.8.8.8

Testing

Domain:

https://dnsviz.net/ – Visualisiert den (DNSSEC)-Status einer Domain
https://dnssec-debugger.verisignlabs.com/
https://internet.nl/connection

Überprüfung von DS und DNSKEY einer Domain:

dig @8.8.8.8 example.com. DS  # KSK key-id must match between DS and DNSKEY
dig @8.8.8.8 example.com. DNSKEY +dnssec +cd +multiline  # multiline prints key algorithm and id

Resolver:

https://wander.science/projects/dns/dnssec-resolver-test/
https://cmdns.dev.dns-oarc.net/

dig sigok.ippacket.stream #should return an A-Record
dig sigfail.ippacket.stream # should return a SERVFAIL
dig sigfail.ippacket.stream +cd #(check disabled - should return an A-Record)

Infos zum Testen:

Betrieb:

https://kb.isc.org/docs/aa-00994 – Using Response Rate Limiting
BSI - Offene Resolver
https://www.cymru.com/Documents/secure-bind-template.html
https://hackviser.com/tactics/hardening/bind9

Troubleshooting

sec/dnssec.txt · Zuletzt geändert: 2024/04/08 07:11 von admin