davidb/captive-validator
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rename the DNSSECReconciler to DNSSECValTool

Browse Source
This commit is contained in:
davidb
2010-06-11 11:49:05 -04:00
parent f875a3d4bf
commit 3360e70e88
3 changed files with 31 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
README
View File

@@ -1,10 +1,10 @@
DNSSECReconciler
----------------
DNSSECValTool
-------------
This is a command line Java tool for doing DNSSEC response
validatation against a single authoritative DNS server.
usage: java -jar dnssecreconiler.jar [..options..]
usage: java -jar dnssecvaltool.jar [..options..]
server: the DNS server to query.
query: a name [type [flags]] string.
query_file: a list of queries, one query per line.
@@ -14,16 +14,16 @@ usage: java -jar dnssecreconiler.jar [..options..]
may repeat
error_file: write DNSSEC validation failure details to this file
The DNSSECReconciler needs a server to query ('server'), a query or
list of queries ('query' or 'query_file'), and a set of DNSKEYs to
trust ('dnskey_file' or 'dnskey_query') -- these keys MUST be the ones
used to sign everything in the responses.
The DNSSECValTool needs a server to query ('server'), a query or list
of queries ('query' or 'query_file'), and a set of DNSKEYs to trust
('dnskey_file' or 'dnskey_query') -- these keys MUST be the ones used
to sign everything in the responses.
By default it logs everything to stdout. DNSSEC validation errors
(which is most of the output) can be redirected to a file (which will
be appended to if it already exists).
Note that the DNSSECReconciler will skip queries if the qname isn't a
Note that the DNSSECValTool will skip queries if the qname isn't a
subdomain (or matches) the names of the DNSKEYs that have been added.
query_file
@@ -91,12 +91,19 @@ while (<>) {
Examples
--------
java -jar dnssecreconciler server=a.edu-servers.net \
1. Query "a.edu-servers.net", fetching the .edu keys directly from
that server. Use queries.txt for the queries, and log all DNSSEC
validation failures to 'dnssecvaltool_errors.log'.
java -jar dnssecvaltool.jar server=a.edu-servers.net \
dnskey_query=edu \
query_file=queries.txt \
error_file=dnssecreconciler_errors.log
error_file=dnssecvaltool_errors.log
java -jar dnssecreconciler.jar server=127.0.0.1 \
2. Query localhost with a single query for edu/soa, using stored keys
in the file 'keys'. Validation failures will be logged to stdout.
java -jar dnssecvaltool.jar server=127.0.0.1 \
dnskey_file=keys \
query="edu soa"