Ce site web utilise des cookies pour vous distinguer parmi les autres utilisateurs de notre site. L'utilisation des cookies nous aide à vous proposer un service spécifique, à faciliter l'utilisation du site web, à comprendre nos visiteurs et à vous présenter des publicités. En poursuivant votre navigation sur le site, vous consentez à notre utilisation des cookies. Consultez notre Déclaration de confidentialité pour des informations plus détaillées.

Verisign Labs

Nous nous inscrivons dans la volonté de faire d'Internet un lieu sûr et fiable pour commercer et communiquer.

USING INTERNET SECURITY TOOLS TO CREATE A STRONGER WEB

We are constantly creating and testing new tools to improve the Internet. Select and use a host of top DNS tools developed by one of the most trusted names in Internet Security for free.

DNSSEC DEBUGGER

DNSSEC DEBUGGER

The DNSSEC Debugger is a Web-based tool for ensuring that the "chain of trust" is intact for a particular DNSSEC enabled domain name. The tool shows a step-by-step validation of a given domain name and highlights any problems found. The tool begins with a query to a root nameserver. It then follows the referrals to the authoritative nameserver, validating DNSSEC keys and signatures as it goes. Each step in the process is given a good (green), warning (yellow), or error (red) status code. You can move your mouse over the warning and error icons to view a longer explanation. Press the plus (+) and minus (-) keys to increase or decrease debugging. At the highest debugging level you can see the full, raw DNS messages for almost all of the queries.

View tool
DANE TEST PAGES

DANE TEST PAGES

Our DANE test site contains links to demonstrate and test The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol (TLSA). DANE provides a way to authenticate TLS (X.509) certificates using DNSSEC.

View tool
TLD-MON

TLD-MON

TLD-Mon is a monitoring system that continuously performs several specific checks of each top-level domain, focusing especially on DNSSEC compliance. The tool checks for EDNS0 and PMTU problems, secondary nameserver synchronization, signature validity periods and more.

View tool
DNSSEC SCOREBOARD

DNSSEC SCOREBOARD

The DNSSEC Scoreboard shows the number of domains secured in the COM, NET and EDU zones.

View tool
YET ANOTHER ZONE VALIDATION SCRIPT

YET ANOTHER ZONE VALIDATION SCRIPT

YAZVS is a Perl script designed to perform DNSSEC validations on candidate signed zones before they are published. It verifies signatures and reports on differences between the current and candidate zones. Due to its implementation, this script is not suitable for very large zones.

View tool
TRANSITIVE TRUST CHECKER

TRANSITIVE TRUST CHECKER

The Transitive Trust Checker produces trust-relationship graphs for one or more given DNS zones. The graphs show how the zones are related based on names, addresses and AS numbers.

View tool
KEY TOOL

KEY TOOL

Keytool is a simple Web form designed to assist with manipulation of DNSKEY data. It can re-format DNS key records, generate DS records and generate lines suitable for pasting into a named.conf file.

View tool
DNSViz

DNSViz

The ability to measure network and server behaviors from different network vantage points is important for understanding the general health of an IP network ecosystem. DNSViz is a tool for visualizing the status of a DNS zone. It was designed as a resource for understanding and troubleshooting deployment of the DNS Security Extensions (DNSSEC). It provides a visual analysis of the DNSSEC authentication chain for a domain name and its resolution path in the DNS namespace, and it lists configuration errors detected by the tool. Watch this webinar to learn more about DNSViz and how it might be used to vastly improve your DNS experience.

View tool
SELF-SERVE OPEN RESOLVER SCANNING

SELF-SERVE OPEN RESOLVER SCANNING

Open DNS Resolvers have been implicated in recent large-scale DDoS attacks. Many networks are unwitting homes to open resolvers, with some groups estimating as many as 20 million on the Internet. Using Verisign's self-service scanning tool, network operators can identify and monitor their address space for open resolvers at their convenience.

View tool
SECSPIDER

SECSPIDER

SecSpider is a utility to aid people's understanding of the size, scope, and trends of the global rollout of DNSSEC. Since early 2005, SecSpider has captured historical information about various zones and operated as a distributed key lookup service. The list of zones monitored are a combination of zones submitted by users, crawled from a list of over 2.5 million zones, and those walked via NSEC walking. For SecSpider to classify a zone as "secure," the zone must support EDNS0, have RRSIG records attached to resource record sets (RRsets), not have a CNAME for the zone's domain name, and provide NSEC records for denial of existence.

View tool