Test for youre DNSSEC et cetera (DNS Benchmark)

Software SW tweaks
1

Should you trust the Domain Name Servers you are using?

https://www.grc.com/dns/dns.htm
https://www.grc.com/dns/benchmark.htm

=====

DNSSEC validators

  1. https://chrome.google.com/webstore/search/dnssec%20validator
  2. http://www.dnssec-or-not.com/
  3. http://dnssec.vs.uni-due.de/
  4. https://en.internet.nl/connection/
  5. http://0skar.cz/
  6. https://www.dnssec-validator.cz/pages/download.html
  7. http://www.982.cz/cs/p/index/
  8. https://dnssec-name-and-shame.com/

— Edit 10.07.2019 Detailed examination of the DNSSEC function of specific Web pages
. . . 9. http://dnsviz.net/

1 Like
2

That test suggests that I don’t have working dnssec, but foris does think i have working dnsssec. Anyone any idea what the problem is?

3

Which of the above tests do you mean - number nine? Your provider supports DNSSEC but the counterparty - one specific Web page has a problem with implementing I think.

Test multiple Web pages, each time there will be a different result.

4

No, I have forwarding turned off in the dns tab of foris, so all dns requests should be handles by the omnia.
And dont be ridiculous, isp’s in my country doing dnssec? As if…
But foris claims i have dnssec, but the test of your topmost link, the grc one, claims i don’t.

5

grc mis-detects Knot Resolver. I suspect they watch for DO flag even on provably unsigned zones… there’s not much use to do that, but versions >= 4.0.0 do that now so we’ll see what grc says then (they’ll be coming to Omnia very soon, as there are CVEs fixed in today’s release).

6

image
image588×698 53.3 KB

1
1565×603 119 KB
2
2600×676 53.8 KB
3
3583×983 173 KB
![4|330x499]
Bez%20n%C3%A1zvu
Bez%20n%C3%A1zvu598×791 56.2 KB

image
image602×847 44.3 KB

7

Now the GRC test does detect DNSSEC validation on my Omnia, so that theory was probably right. I can’t see that from the images in the preceding post, but that’s not really important.

8

Yes - differences in results are very small or negligible