Available DNS/BIND test suites

bert hubert bert.hubert at netherlabs.nl
Mon Jun 12 20:53:02 UTC 2006


On Fri, Jun 09, 2006 at 03:00:01PM -0700, Jim wrote:
>  I've been tasked with evaluating various DNS server implementations on
> different platforms. I am looking for DNS test suites that check for
> compliance with ALL the applicable RFC's. I'm familiar with the

Ok - but be aware that RFC compliance does not mean 'works well'. It is
perfectly RFC compliant to not perform compression against the question in a
DNS packet, for example, but it breaks quite a number of residential
routers if you neglect to do so. 

It appears these regard the magic sequence "0xc0 0x0c" as a sort of "Start
of answer" sequence, and not as the (optionally compressed) first answer.
See
http://blog.netherlabs.nl/articles/2006/04/13/the-general-mediocrity-of-the-world
'Go read the RFC already'.

> I need to check thing down to the individual bits in each packet. not
> just whether I get a response that appears to be correct.

In practice, what BIND does is 'correct'. Or inversely, if you do anything
other than BIND, you are asking for trouble. The RFCs are of secondary
importance, especially where they grant latitude.

> Any help with either a pointer additional test suites or getting either
> of the two packages I already have working would be greatly
> appreciated.

We mostly validate against BIND and DJBDNS, those being the 'industry
standard'.

Compared to many other protocols, some of the DNS RFCs are not as exacting,
or precisely worded.

Good luck!

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services



More information about the bind-users mailing list