From Electromagnetic Field
DNSSEC, What it is and why you need it
checking that resolving works
- dig +dnssec pointless.net
- look for ad bit set by resolver
- http://www.dnssec-failed.org/ <- should fail (broken on purpose).
DNSSEC client side plugins
Deploying and managing DNSSEC zones
Publishing key fingerprints in DNS
- DANE RFC
- swede (afaict the other TLSA record generating tools haven't been upgraded to use the new RRTYPE yet).
plugins for TLSA/DANE
- newer patched version of the extended validator that supports TLSA/type 52 records: http://people.redhat.com/pwouters/
- https servers to test against to test against:
- actually making it work: http://jpmens.net/2012/07/27/verifyhostkeydns-yessssss/
other useful bits
- http://people.redhat.com/pwouters/ <- good presentation and info if you are using fedora.
- http://dnssec-deployment.org/ <- lots and lots of good stuff here.
- js you can embed in your website to see if someone browsing it is dnssec enabled
-  <- also good.
- massive amount of stuff here.