This tool is now retired.  This page is archived for historical purposes.

OARC maintains a number of DNS zones that may be used to test DLV registries for correct operation.

  • These zones exists only so that they will be published in DLV registries.
  • The zone content is intended to be very stable.
  • The zones are signed with keys that expire in the year 2029 so that there are effectively no key rollovers.

nsec.dlvtest.dns-oarc.net

This is a "traditionally" signed zone (i.e., with NSEC records).

Example

$ /usr/local/bin/dig +dnssec @149.20.64.20 a.nsec.dlvtest.dns-oarc.net txt

; <<>> DiG 9.6.0-P1 <<>> +dnssec @149.20.64.20 a.nsec.dlvtest.dns-oarc.net txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53209
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;a.nsec.dlvtest.dns-oarc.net.   IN      TXT

;; ANSWER SECTION:
a.nsec.dlvtest.dns-oarc.net. 3587 IN    TXT     "A is for AXFR"
a.nsec.dlvtest.dns-oarc.net. 3587 IN    RRSIG   TXT 5 5 3600 20290507202328 2009
0512202328 54345 nsec.dlvtest.dns-oarc.net. lgQom2AlrtIcO8CkPgHjynOG/gNZpl5gG+Eo
UiTJKmaLLLKFjWfNodKV asQezdPQTqKiGyjt+1BqwzF1C1nfyRS8ClajayHVkIoOe8SP1O2dPOaj ou
RxzP3EUrKiRA8XeBfVsQDiHlG90Jb0ANoa0VEw6GXSrPTH0qwDFCN+ SPk=

;; AUTHORITY SECTION:
nsec.dlvtest.dns-oarc.net. 3587 IN      NS      sns-pb.isc.org.
nsec.dlvtest.dns-oarc.net. 3587 IN      NS      ns.dns-oarc.net.
nsec.dlvtest.dns-oarc.net. 3587 IN      RRSIG   NS 5 4 3600 20290507202328 20090
512202328 54345 nsec.dlvtest.dns-oarc.net. ohvO4FvllHMnPvbW1LwoZz6gbFhRUW4CTIzDU
A+h1/L5abJcyM0c6tf8 T8tK5x62o0huHGxZLDLHBg+yldXA4WZb/oDAdmsqHl580LJk+h8hCEgQ l8A
lGd45+H/V508PVYtrOvL4GdXnzYA0gRP1GAxBoPctdiegmYszbnpQ Dz0=

;; Query time: 3 msec
;; SERVER: 149.20.64.20#53(149.20.64.20)
;; WHEN: Tue May 12 23:12:00 2009
;; MSG SIZE  rcvd: 497

KSKs

nsec.dlvtest.dns-oarc.net 3600  IN DNSKEY 257 3 5 (
                          AwEAAejxNtUB1RBO7DZP1NtC2V46LWt5r2XM
                          5ykywFYmeG6LCmn6oafG27djNKFyCHWAmNmZ
                          XaQXg60YAGT8XQdMrmvidPCQqrB7w2ZO0w/r
                          EqVp74KT46yuTKGBOUFJ4nWLw77mvxG4v8HE
                          hvZUyYspLvBSt/qi72S66SP2njyymaQbZAT0
                          ZP4NsjO6L8UugDwGJuRdd1qXyOLf9blogviF
                          jdFe7Y8aTV071VCSj7/iTg0sqPlZvy5kZB1S
                          z+yE/xrvqDA7WIMDpr5nahWPbAzmNigLZFy1
                          +PKF4U4ZTp3t9+kPqWpSBE0NpfaGY79b96JR
                          MRHtGM/+TqWj79jRZyUE1oU=
                          ) ; key id = 23716

DS RRs

nsec.dlvtest.dns-oarc.net. IN DS 23716 5 1 F43B74D7745534459F42353CC6B144D580D3A09D
nsec.dlvtest.dns-oarc.net. IN DS 23716 5 2 0FA363B292EB5D739CCC5640D6A48C565DC65AB71E6B3BBDAD544FA5 17E9FCF2

nsec3.dlvtest.dns-oarc.net

The nsec3.dlvtest.dns-oarc.net zone is signed using NSEC3 parameters.

Example

$ /usr/local/bin/dig @149.20.64.20 +dnssec a.nsec3.dlvtest.dns-oarc.net txt

; <<>> DiG 9.6.0-P1 <<>> @149.20.64.20 +dnssec a.nsec3.dlvtest.dns-oarc.net txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33411
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;a.nsec3.dlvtest.dns-oarc.net.  IN      TXT

;; ANSWER SECTION:
a.nsec3.dlvtest.dns-oarc.net. 3497 IN   TXT     "A is for AXFR"
a.nsec3.dlvtest.dns-oarc.net. 3497 IN   RRSIG   TXT 7 5 3600 20290423210819 2009
0428210819 24299 nsec3.dlvtest.dns-oarc.net. Y6pexYHlZvOd5TRhaarMtFskPzRp1h46NJo
TLrwWQKF/Fm+yBFAnSsPy ZR3mgOzLFsmPR/djE4d8N0Q+YiU8MrdHssOUjN2/wEH/BD7Ae3MA5tVQ Q
FN0aoR/Vswn3l2dSPKAydWVUeN8diVAkpRtzuMCtE6TF4Q3qOEWjWwB 4t8=

;; AUTHORITY SECTION:
nsec3.dlvtest.dns-oarc.net. 3497 IN     NS      ns.dns-oarc.net.
nsec3.dlvtest.dns-oarc.net. 3497 IN     NS      sns-pb.isc.org.
nsec3.dlvtest.dns-oarc.net. 3497 IN     RRSIG   NS 7 4 3600 20290423210819 20090
428210819 24299 nsec3.dlvtest.dns-oarc.net. CIZEf09nKsD39DApxRkFTSG42gNHkD+qEl7p
EeGr8S/W1eVstdDBHpKd lQm2xj05n8bvdcLzYwfmX2l/wbb2eOrvc/AwKtq7EGn7etTc3tcO6boe AN
IC2w2z31pBZZ9T5yb3ZFCEBQZ2yjDTxnuXF3QxF8TrAZG7FHyhz9bD 1Ng=

;; Query time: 58 msec
;; SERVER: 149.20.64.20#53(149.20.64.20)
;; WHEN: Tue May 12 21:28:36 2009
;; MSG SIZE  rcvd: 500

KSKs

nsec3.dlvtest.dns-oarc.net 3600 IN DNSKEY 257 3 7 (
                           AwEAAbJYUhirmD3ikHY9wzIdbXcxtLxYO21Z
                           8GGnIJxInHicgpJGulJCqykEDh9/mD0NZ60H
                           DEiyYeN6PV5vRvoeKLdbsaKCnRASP3Q8vNeF
                           ZYzt/iF1cKzHq4H/YpQgS455tdOvv5jcBb7W
                           +v3WY8z5qU5tZjAXvZzFhHJGwiAvSoKmasPn
                           oM5GK3ITdGGOQqfcsgd0wVQLvtz+TVyZJJFN
                           SBHwBoG6UYX1gjHICEpDxKu/2ab/VLc/z1z1
                           CLcjVty8kuXDj26pi96Wg07eo67QfHqVbzbi
                           5Cmi0LtmH3L4Z0AfRspMLf7mtwonmAMSL7ek
                           ciOr3FkE3XCS6OFt4WWNFpc=
                           ) ; key id = 16221

DS RRs

nsec3.dlvtest.dns-oarc.net. IN DS 16221 7 1 F1B24669EEE652DB659480BFF4BC17B4DE98BB5A
nsec3.dlvtest.dns-oarc.net. IN DS 16221 7 2 C0934456DC4A2981FE936961714A292A8A349A517A4C0BCBE40D306F 4489A538