imgSubHeaderWhyVerisignAlt
Innovation + Initiatives

As the Internet continues to expand, we are committed to creating and driving advancements that keep the Internet fast, safe, and reliable for all users.

Verisign Labs: Tools

Verisign Labs research spans a wide range of technical disciplines and touches all of Verisign’s businesses. Select and use a host of top DNS tools developed by one of the most trusted names in Internet Security for free at Verisign Labs.

DNSSEC Debugger

DNSSEC Debugger

The DNSSEC Debugger is a Web-based tool for ensuring that the "chain of trust" is intact for a particular DNSSEC enabled domain name. The tool shows a step-by-step validation of a given domain name and highlights any problems found.

View Tool

SecSpider

SecSpider is a utility that was developed during the evolution of the DNSSEC deployment. Since early 2005, SecSpider has captured historical information about various zones and operated as a distributed key lookup service. The information maintained in this utility will aid people's understanding of the size, scope, and trends of the global rollout of DNSSEC. The list of zones monitored are a combination of zones submitted by users, crawled from list of over 2.5 million zones, and those walked via NSEC walking. SecSpider classifies zones as "secure" or not based on certain data and behaviors. Secure classification of a zone means that the zone:

  • Must support EDNS0,
  • Must have RRSIG records attached to resource record sets (RRsets),
  • Must not have a CNAME for the zone's domain name, and
  • Must provide NSEC records for denial of existence.

The polling system is globally distributed and crawls its list of secure zones once every day. Its pollers (UCLA, NL Net Labs, Colorado State University, Tsinghua University, Cable Modem in Los Angeles, Toshiba Corp., Switch, Telx, and NIC.br) are dispersed in order to confirm that data is consistent from diverse locations and is robust against any local network effects or phenomenon.

View Tool

TLD-Mon

TLD-Mon is a monitoring system that continuously performs several specific checks of each Top Level Domain, focusing especially on DNSSEC compliance. The tool checks for EDNS0 and PMTU problems, secondary nameserver synchronization, signature validity periods, and more.

View Tool

DNSSEC? Or Not?

This simple web page informs you whether or not your DNS resolver is configured for DNSSEC validation. You may also use this service via DNS by sending a command line query as follows: "$ dig test.dnssec-or-not.net TXT"

View Tool

DNSSEC Scoreboard

The DNSSEC Scoreboard shows the number of domains secured in the com, net, and edu zones.

View Tool

Yet Another Zone Validation Script

YAZVS is a Perl script designed to perform DNSSEC validations on candidate signed zones before they are published. It verifies signatures and reports on differences between the current and candidate zones. Due to its implementation, this script is not suitable for very large zones.

View Tool

Transititive Trust Checker

The Transititive Trust Checker produces trust-relationship graphs for one or more given DNS zones. The graphs show how the zones are related based on names, addresses, and AS numbers.

View Tool

Key Tool

Keytool is a simple Web form designed to assist with manipulation of DNSKEY data. It can re-format DNS key records, generate DS records, and generate lines suitable for pasting into a named.conf file.

View Tool
Legal Notices//Privacy//Repository//Contact Us//Feedback//Site Map


© 2011-2012 VeriSign, Inc. All rights reserved.
VERISIGN, the VERISIGN logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.