Monitoring DNSSEC with Doorway Sniffer

Third to last, Doorway Sniffer (Gáttaþefur) uses his abnormally large nose and acute sense of smell to locate Christmas “leaf” bread.

It’s a gift they say. You can do so much with it! Sure, it kind of stands out and it is a somewhat conspicuously grand sniffer nose for a simple Yule Lad, but it’s a talent like no other. Not even trained sniffer dogs can match my ability to detect delicious leaf bread, no matter where it’s hidden. I’m also super good at finding keys and lost toys, but only if you managed to touch it with sticky fingers before losing it. I generally find more keys than toys.

Large sniffers are often also sensitive sniffers. Just like a signed DNSSEC zone is much more vulnerable to software or operational errors, my sniffer is also more vulnerable to bread errors. Sometimes, I think I’m detecting “leaf” bread, but the only thing on offer is gluten free spelt bread. That’s such a disappointing misconfiguration.

In a signed DNSSEC zone, such small misconfigurations can render the whole zone invalid. Therefore it’s always a good idea to monitor a newly signed DNSSEC zone to detect potential DNSSEC validation issues before the zone goes public. Or at least that’s what Leppaludi says, and he sure knows a lot about validation issues, being married to Mother and all. He’s given me a great list of tools to help me monitor DNSSEC signed zones. Who knows, it might even help me with my nose!   I just won’t be the same without it.