Sections: Main | RRTypes | DNSSEC validator testing | Delegations | Transfers and TSIG

The SIDN Labs DNS workbench is a set of different nameservers that run a known set of configurations and zones; In general the goal is to be able to send a specific query to different implementations and see the difference in their responses, if any.

The idea behind the workbench is that, without having to set up an entire infrastructure yourself, you can quickly find answers to questions such as 'How does NSD4 respond to an ANY query for a wildcard name in an NSEC3 opt-out zone?' (Note: this specific scenario is on the roadmap but not implemented just yet).

This is a work in progress. Server names, zone names and contents may change in the near future. If you see something you don't expect, always check these pages first.

At this moment, there are 6 name servers in the work bench, a number of different zones (currently, all servers are serving all zones).

Note that the zone names may change in the near future, as the naming conventions might be modified while we are adding scenarios.

If you see any problems with the bench, or have any suggestions, please contact Jelte (mailto:jelte.jansen@sidn.nl).

Servers

The following servers are currently running:

  • nsd.sidnlabs.nl (NSD 3.2)
  • nsd4.sidnlabs.nl (NSD 4.0 (trunk))
  • bind9.sidnlabs.nl (bind 9.9.3)
  • bind10.sidnlabs.nl (bind10 1.1.0)
  • knot.sidnlabs.nl (Knot 1.4rc1)
  • powerdns.sidnlabs.nl (PowerDNS 3.2)
  • yadifa.sidnlabs.nl (Yadifa 2.0.5)

At this time, there are three 'classes' of setups:

RRTypes Different RRTypes, including obsolete and exotic ones.
DNSSEC validator testing A tree with deliberate errors in the DNSSEC chain(s), to test validators
Transfers and TSIG Transfering and using/testing TSIG support

Roadmap

We intend to continually expand the work bench with different scenarios as we come up with them. A few short-term goals

  • Add delegations between the different servers
  • Add zones (or names) with other 'things' than rr types (wildcards, empty non-terminals, etc.)
  • Add more scenarios to the deliberately broken DNSSEC zones
  • Add zones with different signing parameters
  • Add zones signed with different signers

The biggest challenge here is not to set them up, but to make them consistent, predictable, and easily maintainable, currently we are looking into that.

Disclaimer

This is a beta service! This service is explicitely not supported by SIDN, but by SIDN Labs. Its setup can change at any moment, without any warning, so it is not advisable to depend on this service for any other (automated) service or system.

If there are any problems with the software or service, please contact Jelte, or SIDN Labs, through our contact page. We would also be very much interested if you have used the workbench, or if you are still missing something that would make it useful for you. So please let us know!