$2010-08-25$



About DNSSEC

The DNSSEC technology expands the domain name system (DNS) by elements 
increasing the security of the services for the translation of domain names 
to IP addresses and vice versa. DNSSEC ensures the credibility of the data 
obtained from the DNS.

You can learn more about DNSSEC at http://www.nic.cz/dnssec/ .



About DNSSEC (Hardware) Tester

One of the problems occurring in the DNSSEC introduction is the incompatibility 
of some devices with this security technology. The incompatibility means that 
the device is not able to process the DNS enquiries with the switched-on 
validation by means of DNSSEC. This especially applies to hardware intended for 
use in households and small organisations, such as DSL modems, cable modems, 
internal routers, wireless network connection points, etc. DNSSEC (Hardware) 
Tester is the tool intended for testing the compatibility of these devices and 
(optional) uploading of results for public usage.

However hardware can be successfully tested in very limited conditions only (see
Limitations) so in most cases this tool will probably be used for testing of 
availability of DNSSEC enabled internet connections only.



Installation and usage

Installation and running is straightforward on all supported platforms:
  - Linux: just decompress the archive and run ./dnstester.py script.
  - Windows (zip): just decompress the archive to the desired location and run
            provided dnstester.bat file
  - Windows (exe): after (successfull) installation the program will run 
            automatically; also there is an shortcut on your desktop for running
            the tool
  - Mac OS X: open downloaded DMG image and run the tool

After the first info-window program will try to download the current device 
database from its website (in case of failure the default one will be used). 
The next window allows you to choose the kind of connection you are using. Then 
you must select (or fill in) type of the tested device. As the next step the 
core of the work is done - DNSSEC validated DNS enquiries are tested and their 
summary is then displayed. You can follow provided links to learn more about 
individual tests. If you want to share your results, clicking the Forward button
will try to upload them to the central database available at 

  http://www.dnssec-tester.cz

New results in database need to be check for spam before they become visible, 
this takes some time.



WARNING: For testing purposes IP address of the computer is uploaded too. This 
information is NOT visible and accesible anywhere.

LIMITATIONS: If your internet service provider already supports DNSSEC, this 
tool can be used for compatibility testing of your modem. However in most cases 
this is not true and the only relevant info you get is if your internet 
connection is DNSSEC enabled or not. (Alternatively you can try to configure 
your device to use DNSSEC enabled resolvers and then to test it again, this time 
for hardware compatibility.) Also chaining more devices together make it pretty 
difficult to investigate the cause of eventual failure of tests.



DnsTester release history
1.6 - error with no GTK under Mac OS X 10.6 corrected
1.5 - works on Mac OS X 10.6 now (albeit with some graphical glitches)
1.4 - small update of info-texts
1.3 - Hungarian translation (by Lévai Ágnes)
1.2 - fixed handling of version number
1.1 - fix for resigned domain
1.0 - initial version

