Test for youre DNSSEC et cetera

Should you trust the Domain Name Servers you are using?

DNSSEC validators

  1. https://chrome.google.com/webstore/search/dnssec%20validator
  2. http://www.dnssec-or-not.com/
  3. http://dnssec.vs.uni-due.de/
  4. https://en.internet.nl/connection/
  5. http://0skar.cz/
  6. https://www.dnssec-validator.cz/pages/download.html
  7. http://www.982.cz/cs/p/index/
  8. https://dnssec-name-and-shame.com/

— Edit 10.07.2019 detailní prověření funkce konkrétních web stránek
. . . 9. http://dnsviz.net/

1 Like

That test suggests that I don’t have working dnssec, but foris does think i have working dnsssec. Anyone any idea what the problem is?

Which of the above tests do you mean - number nine? Your provider supports DNSSEC but the counterparty - one specific Web page has a problem with implementing I think.

Test multiple Web pages, each time there will be a different result.

No, I have forwarding turned off in the dns tab of foris, so all dns requests should be handles by the omnia.
And dont be ridiculous, isp’s in my country doing dnssec? As if…
But foris claims i have dnssec, but the test of your topmost link, the grc one, claims i don’t.

grc mis-detects Knot Resolver. I suspect they watch for DO flag even on provably unsigned zones… there’s not much use to do that, but versions >= 4.0.0 do that now so we’ll see what grc says then (they’ll be coming to Omnia very soon, as there are CVEs fixed in today’s release).