DNSSEC helps fix your DNS

Sure, I might be extrapolating a bit, but it does help point out some issues. As I am readying more zones to work with DNSSEC, I am in the process of making sure it works accordingly. I suggest you make your way to the DNSSEC software page if you are interested.

One of these tests is the Reply Size Test, which you should run from your DNS server. To try it (as I did in this example), run:

dig +short rs.dns-oarc.net txt

This is what was returned to me:

rst.x3827.rs.dns-oarc.net.
rst.x4049.x3827.rs.dns-oarc.net.
rst.x4055.x4049.x3827.rs.dns-oarc.net.
"2001:770:60:cf:5652:ff:fe3d:7d2d sent EDNS buffer size 4096"
"2001:770:60:cf:5652:ff:fe3d:7d2d DNS reply size limit is at least 4055"
"Tested at 2010-12-03 19:34:27 UTC"

If you get a result below 4000, you are in trouble; otherwise, this is all good 🙂
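
To turn the check above into something you can run from cron or a monitoring system, here is a small shell script that parses the test output and applies the 4000 threshold from this post. It is an added example, not part of the original post or of the DNS-OARC tooling; the function names and exit codes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: evaluate the output of `dig +short rs.dns-oarc.net txt`.
THRESHOLD=4000   # the post's rule of thumb: below this, you are in trouble

# Print N from the "DNS reply size limit is at least N" line read on stdin.
reply_size_limit() {
    sed -n 's/.*DNS reply size limit is at least \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print N from the "sent EDNS buffer size N" line read on stdin.
edns_buffer_size() {
    sed -n 's/.*sent EDNS buffer size \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Read test output on stdin.
# Returns 0 = OK, 1 = limit below THRESHOLD, 2 = no result line found
# (for example, the query timed out or the resolver returned nothing).
check_reply_size() {
    out=$(cat)
    limit=$(printf '%s\n' "$out" | reply_size_limit)
    edns=$(printf '%s\n' "$out" | edns_buffer_size)
    if [ -z "$limit" ]; then
        echo "UNKNOWN: no reply size line in test output"
        return 2
    fi
    if [ "$limit" -lt "$THRESHOLD" ]; then
        echo "WARN: reply size limit $limit < $THRESHOLD (EDNS buffer: ${edns:-unknown})"
        return 1
    fi
    echo "OK: reply size limit $limit >= $THRESHOLD (EDNS buffer: ${edns:-unknown})"
    return 0
}

# Sample input: the output shown in this post, so the script runs offline.
sample_output() {
cat <<'EOF'
rst.x3827.rs.dns-oarc.net.
rst.x4049.x3827.rs.dns-oarc.net.
rst.x4055.x4049.x3827.rs.dns-oarc.net.
"2001:770:60:cf:5652:ff:fe3d:7d2d sent EDNS buffer size 4096"
"2001:770:60:cf:5652:ff:fe3d:7d2d DNS reply size limit is at least 4055"
"Tested at 2010-12-03 19:34:27 UTC"
EOF
}

sample_output | check_reply_size
# Live use on the DNS server: dig +short rs.dns-oarc.net txt | check_reply_size
```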