[DNSSEC-Transparency] Test data wanted

Linus Nordberg linus at nordu.net
Mon Feb 8 17:05:15 CET 2016


Hi,

I'm ready to start testing some code. In order to save some time, I'm
asking the list for test data.

I suggest that we define "Inputs" for our newly invented "add-ds-rr"
HTTP entry-point (similar to RFC6962 section 4.1) like this:

  chain: An array of base64-encoded RRsets in DNS wire format. The first
  element is a single DS RR to be added to the log. The next element is
  an RRSIG RR for the DS RR. After that follows all the RRsets necessary
  to validate the DS RR up to a known root. The RR types allowed are
  DNSKEY, RRSIG and DS.

Now please tell me where this will fail. :)

Or provide me with a chain like described above for a DS record of your
choice that's valid using the DNSSEC root as a known root.

Thanks,
Linus



More information about the DNSSEC-Transparency mailing list