Hi all, (apologies for cross-posting) As some of you may have picked up at the last ICANN DNSSEC workshop or at DNS OARC, we've started a project to track the impact of the Root KSK rollover over the coming months (dubbed the "Root Canary" project, see also https://rootcanary.org for rudimentary info). As a spin-off of this project, NLnet Labs and SURFnet have set up an online test that determines which DS and signing algorithms the resolver(s) configured on your system support. You can find the test here: https://rootcanary.org/test.html The test includes 4 DS algorithms (SHA1, SHA256, SHA512, GOST) and all signing algorithms. It does not do a full NSEC vs. NSEC3 test, as we assume that NSEC3 support likely also means NSEC is supported. Feedback/suggestions are of course welcome , please contact me and/or Willem Toorop at NLnet Labs. Cheers, Roland -- -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet -- e: roland.vanrijswijk@surfnet.nl