[exim-dev] testdns.exim.org zone

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Phil Pennock
Datum:  
To: exim-dev
Betreff: [exim-dev] testdns.exim.org zone
I just realized, belatedly, that with exim.org fully under our control,
and DNSSEC-signed, I could include the DS glue for testdns.exim.org,
making it much more useful.

I'll aim to move the zone to be authoritative on the exim.org server, at
the same time that DNS moves over, but in the meantime: as it always has
been, "testdns.exim.org" is open-AXFR from "nlns.globnix.net".

For DNSSEC in particular, compare/contrast:

     mx.valid254.testdns.exim.org
   mx.invalid254.testdns.exim.org


The latter has a DS for the delegation but the zone is unsigned, so any
validating resolver should SERVFAIL the entire zone. Dig with +cd to
"checking disable" to see it.