1 This is a root server testing kit.
5 1) Build BIND 9.x (9.3 or later; I used 9.6.1-p1)
6 2) symlink: dig, named to ./bin
7 3) Build NSD (I used 3.2.2)
8 4) symlink: nsd, zonec to ./bin
9 5) Build jdnssec-tools (I used 0.9.4)
10 6) Add the jdnssec-tools/bin directory to your path
11 (symlinking the java code doesn't work as well)
12 7) Install python 2.4 or later
13 8) Install dnspython (in fedora, 'yum install python-dns')
15 To do DNSKEY response size tests:
17 1) run ./bin/do.sh <outputfile>
18 2) when prompted to edit zone files and sign.sh, do so. You are
19 configuring a particular case (i.e. 2 KSKs+1 ZSK for a KSK
21 a) Edit the $INCLUDE lines in the zones to include the correct keys
22 b) Edit bin/sign.sh to use the correct keys
23 3) when prompted, (re)start BIND and NSD:
27 To do other response size tests:
29 1) Edit the zone files and run ./bin/sign.sh. This is to match the
30 particular scenario that you are testing. In general, you only
31 need one of each type of key. Only the key sizes matter (unless
32 you are testing a double-signature case).
33 2) (Re)start BIND and/or NSD
37 3) run response_sizes.py. This takes a list of
38 "zonefile:origin[:include glue]" elements on the command line.
41 % ./bin/response_sizes.py -p 4053 root.zone.signed:. \
42 arpa.zone.signed:arpa root-servers.net.signed:root-servers.net:1 \
43 > size.data 2> histograms
45 This will output the raw size data to stdout and histogram data