NordVPN Promotion

Home / Blogs

A Free DNS Conformance Test Suite

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

The Domain Name System is now over 25 years old. Since the publication of RFCs 1034 and 1035 in 1987, there have been over 100 RFC documents published that extend and clarify the original DNS specs. Although the basic design of the DNS hasn’t changed, its definition is now extremely complex, enough so that it’s a challenging task to tell whether a DNS package correctly implements the specs.

Over the past year, Paul Hoffman and I have been working on a conformance test suite for the DNS. We built sofware tools that let us take all of those RFCs and identify the parts of each DNS that define requirements for DNS software. For each requirement, we created tests for anything that was reasonably testable, as opposed to an operational policy.

Different enterprises and vendors will have different views of what should or should not be tested, so the conformance test system allows easy selection of subsets of requirements to be tested. The entire system is made available under Creative Commons licenses so that anyone can use it and adapt it for local requirements. In addition, the overall test system is able to serve as the basis for creating conformance tests for other protocols.

The heart of the project is a database of all the RFCs and other documents that specify the current DNS. That database has an interactive web front-end and associated tools for marking up the requirements in the RFCs, and specifying tests for each requirement. The database can be turned into an HTML-formatted test plan that can be used to test conformance to the DNS specifications.

We assumed that people might disagree on some of the requirements in the RFCs, and might have different ideas about what tests to run for some requirements. Anyone can modify their own copy of the database and create their own test plans from their database. Because the test plans are valid structured HTML, comparing test plans is easy with any file comparison tool, particularly ones that are optimized for comparing HTML files.

The entire package is available for download on our web site. It’s written in python and mysql. We’ve run it on Ubuntu and FreeBSD, and it should be straightforward to get working on any system with reasonably recent python, mysql, and Apache software.

We thank the sponsors that made this project possible: Akamai, Dyn, Google, ICANN, Microsoft, and Verisign.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

NordVPN Promotion