--- layout: default title: DNSSEC-Tools Test Zone ---
The below is a lits of HTML links to DNS zone names that may have various DNSSEC problems.
The following table describes the components of a record name that indicate how the data in the record has potentally been affected
Type | Name Component | Description |
---|---|---|
Record | A | An A (IPv4) address record |
Record | AAAA | An AAAA (IPv6) address record |
Record | CNAME | A CNAME record pointing to an address record |
Record | NS | An NS record pointing to a child zone. |
Record | TXT | |
Record | longlabel | A TXT record with a maximum length label (63) |
Manipulation | good | An unmodified record that should be completely valid. |
Manipulation | badsign | The RRSIG signature data was modified after signing so the signature should no longer be a valid signature. |
Manipulation | nosig | The RRSIG record has been completely removed from the data set and is not available to verify the original record. |
Manipulation | baddata | The data in the record was modified after signing and thus the signature should not validate the record data. Note: modified CNAME records will point to a otherwise valid domain name within the zone (see cnametodne) |
Manipulation | futuredate | The record and signature are valid but the inception date of the RRSIG is in the future and should not be valid yet. |
Manipulation | pastdate | The expiration date of the RRSIG covering the record has expired. |
Manipulation | reverseddates | |
Manipulation | insecure-ns | |
Manipulation | good-ns | |
Manipulation | badsign-ns | |
Manipulation | nosig-ns | |
Manipulation | nods-ns | |
Manipulation | futuredate-ds | |
Manipulation | pastdate-ds | |
Manipulation | reverseddates-ns | |
Manipulation | rollzsk-ns | |
Manipulation | newzsk-ns | |
Manipulation | newkeys-ns | |
Manipulation | rsamd5keys-ns | |
Manipulation | nsec3-ns | |
Manipulation | cnametodne | The CNAME record has been modified to point to a record that never existed in the signed zone. |
Records may contain any number of the above components. For example, a record name of "nosig-cname-to-futuredate-a" would be a CNAME record with no signature which was pointing at an A record with an RRSIG which is not yet valid at the time the signature was created.
The zone file for this domain: test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: test.dnssec-tools.org
The zone file for this domain: nsec3-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: nsec3-ns.test.dnssec-tools.org
The zone file for this domain: rsamd5keys-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: rsamd5keys-ns.test.dnssec-tools.org
The zone file for this domain: newkeys-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: newkeys-ns.test.dnssec-tools.org
The zone file for this domain: newzsk-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: newzsk-ns.test.dnssec-tools.org
The zone file for this domain: rollzsk-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: rollzsk-ns.test.dnssec-tools.org
The zone file for this domain: reverseddates-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: reverseddates-ns.test.dnssec-tools.org
The zone file for this domain: pastdate-ds.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: pastdate-ds.test.dnssec-tools.org
The zone file for this domain: futuredate-ds.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: futuredate-ds.test.dnssec-tools.org
The zone file for this domain: nods-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: nods-ns.test.dnssec-tools.org
The zone file for this domain: nosig-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: nosig-ns.test.dnssec-tools.org
The zone file for this domain: badsign-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: badsign-ns.test.dnssec-tools.org
The zone file for this domain: good-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: good-ns.test.dnssec-tools.org
The zone file for this domain: insecure-ns.test.dnssec-tools.org
The errors for the records contained within this zone as caught by the donuts application: insecure-ns.test.dnssec-tools.org