VERISIGN LABS: TOOLS

Verisign Labs research spans a wide range of technical disciplines and touches all of Verisign’s businesses. Select and use a host of top DNS tools developed by one of the most trusted names in Internet Security for free at Verisign Labs.

DNSSEC Debugger

DNSSEC DEBUGGER

The DNSSEC Debugger is a Web-based tool for ensuring that the "chain of trust" is intact for a particular DNSSEC enabled domain name. The tool shows a step-by-step validation of a given domain name and highlights any problems found.

View tool

TLD-MON

TLD-Mon is a monitoring system that continuously performs several specific checks of each Top Level Domain, focusing especially on DNSSEC compliance. The tool checks for EDNS0 and PMTU problems, secondary nameserver synchronisation, signature validity periods and more.

View tool

DNSSEC? OR NOT?

This simple web page informs you whether or not your DNS resolver is configured for DNSSEC validation. You may also use this service via DNS by sending a command line query as follows: "$ dig test.dnssec-or-not.net TXT"

View tool

DNSSEC SCOREBOARD

The DNSSEC Scoreboard shows the number of domains secured in the com, net and edu zones.

View tool

YET ANOTHER ZONE VALIDATION SCRIPT

YAZVS is a Perl script designed to perform DNSSEC validations on candidate signed zones before they are published. It verifies signatures and reports on differences between the current and candidate zones. Due to its implementation, this script is not suitable for very large zones.

View tool

TRANSITIVE TRUST CHECKER

The Transitive Trust Checker produces trust-relationship graphs for one or more given DNS zones. The graphs show how the zones are related based on names, addresses and AS numbers.

View tool

KEY TOOL

Keytool is a simple Web form designed to assist with manipulation of DNSKEY data. It can re-format DNS key records, generate DS records and generate lines suitable for pasting into a named.conf file.

View tool