A custom developed DNS nameserver that creates dynamic delegated subdomains to enable clients to always query for never-seen-before resource records in order to support a general-purpose framework for testing DNS resolvers. Back to checking!
With the special crafted subdomains and the ability to send "wrong" DNS answers it is possible to analyze the functionality and hopefully tell what RFCs the clients DNS resolver infrastructure supports.
While many of the checks are simple checks for transport and protocol support, such as IPv6 and TCP, some are for advance features.
This checks if RPKI origin validation is enabled between the DNS resolver and authority.
Please read the blog post RPKI origin validation for resolvers! for more information.
This checks if querying is done as described in RFC 7816, DNS Query Name Minimisation to Improve Privacy.
The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together key operators, implementors, and researchers on a trusted platform so they can coordinate responses to attacks and other concerns, share information and learn together.
OARC, Inc. is a nonprofit corporation formed under the laws of the State of Delaware. The corporation was created June 30, 2008 (file number 4569769).
For more information please visit https://www.dns-oarc.net.