This is a root server testing kit.

To use:

  1) Build BIND 9.x (9.3 or later; I used 9.6.1-p1)
  2) symlink: dig, named to ./bin
  3) Build NSD (I used 3.2.2)
  4) symlink: nsd, zonec to ./bin
  5) Build jdnssec-tools (I used 0.9.4)
  6) Add the jdnssec-tools/bin directory to your path
     (symlinking the java code doesn't work as well)
  7) Install python 2.4 or later
  8) Install dnspython (in fedora, 'yum install python-dns')

To do DNSKEY response size tests:

  1) run ./bin/do.sh <outputfile> 
  2) when prompted to edit zone files and sign.sh, do so.  You are
     configuring a particular case (i.e. 2 KSKs+1 ZSK for a KSK
     rollover scenario).
     a) Edit the $INCLUDE lines in the zones to include the correct keys
     b) Edit bin/sign.sh to use the correct keys
  3) when prompted, (re)start BIND and NSD:
     a) ./bin/run_bind.sh
     b) ./bin/run_nsd.sh

To do other response size tests:

  1) Edit the zone files and run ./bin/sign.sh.  This is to match the
     particular scenario that you are testing.  In general, you only
     need one of each type of key.  Only the key sizes matter (unless
     you are testing a double-signature case).
  2) (Re)start BIND and/or NSD
     a) ./bin/run_bind.sh
     b) ./bin/run_nsd.sh

  3) run response_sizes.py.  This takes a list of
     "zonefile:origin[:include glue]" elements on the command line.
     For example:

     % ./bin/response_sizes.py -p 4053 root.zone.signed:. \
       arpa.zone.signed:arpa root-servers.net.signed:root-servers.net:1 \
       > size.data 2> histograms

     This will output the raw size data to stdout and histogram data
     to stderr.