Naughty Nameserver

Naughty Nameserver is a tool designed to facilitate the testing of DNSSEC (Domain Name System Security Extensions) by providing a simple method for generating DNS responses with deterministic outcomes. It serves multiple DNS zones, each configured to return either valid or invalid responses, depending on the testing scenario.

Originally intended as a mock for unit testing Go-based DNSSEC validators, Naughty Nameserver morphed into a server that responds to actual DNS lookups. This makes it a versatile tool for developers and testers working with DNSSEC.

Documented in the project's README, there are now over 30 different testing scenarios available.

You can give it a try with the commands below.

Valid Response


dig @1.1.1.1 test.naughty-nameserver.com. +dnssec

Invalid Response


dig @1.1.1.1 test.invalid-signature-message.naughty-nameserver.com. +dnssec