CRX id
hpmbmjbcmglolhjdcbicfdhmgmcoeknm
hpmbmjbcmglolhjdcbicfdhmgmcoeknm
Description from extension meta
Shows DNSSEC status
Image from store
Description from store
DNSSEC Validator (2.1.0 version)
DNSSEC Validator is a web browser add-on, which allows you to check the existence and validity of DNS Security Extensions (DNSSEC) records related to domain names in the address of the webpage currently displayed in your browser window. The result of this check is displayed using colour keys and information texts in the page’s address bar. For more imformation and/or troubleshooting consult the project's homepage (http://www.dnssec-validator.cz/documentation.html).
Works for Chrome: Windows 32-bit, Linux x86/x86_64, Mac OS X x86/x86_64
Note: If you have already installed this extension in development mode, you have to remove it manually before installing the version from Web Store repository. After the installation of the DNSSEC Validator 2.1.0 please check the settings of the installed add-on. It should be reset to the default value "Without resolver". This value will provide correct behaviour of the validation process on most internet connections.
DNSSEC Validator contains binary NPAPI plug-in, thus you will get the warning "This extension can access all webpages you visit and all files on the computer." upon installation. However, only thing that is accessed is the system resolver setting.
A nice 3-rd party howto on installation and usage can be found at http://www.internetsociety.org/deploy360/resources/how-to-add-dnssec-support-to-google-chrome/.
Latest reviews
- (2017-08-13) Pierre Humbled: Ne fonctionne pas chez moi avec la dernière version de chrome.
- (2017-05-09) David BAUMANN: -Ne fonctionne pas du tout sur chrome 59 (l'icone reste toujours grise quelque soit les options). -l'url dans la description retourne une page 404! -Le site montre des captures d'un Google Chrome très lointain.
- (2017-01-19) Crews Gore: This plugin does not work. It is enabled, but does not do anything.
- (2014-06-05) Christian Elsen: Great tool! Really useful and I wish Google Chrome had this functionality already build in. It would be great if the version available here could be upgrade to the latest, so it will include TLSA validation as well.
- (2013-05-06) Rémi Rampin: Doesn't work here. Nothing is displayed, options page is blank.
- (2013-05-01) Kyhwana Pardus: Doesn't work with SOCKS/http proxy set. Extension says the IP is 127.0.0.1, which obviously doesn't match the resolved IP.
- (2013-04-16) Martin Straka: Hello, if the DNS server or the resolver, which is currently being used, does not support DNSSEC then a warning pop-up is displayed. Typically this behaviour can occur at wireless connection when user moves between several WIFI connection without restarting the browser. In such situation, you should change the validator settings. Set a custom resolver which supports DNSSEC data forwarding (e.g., 8.8.8.8), or you can use the ‘Without resolver’ choice. Best Regards. Martin Straka Labs CZ.NIC
- (2013-04-10) Nick van den Heuvel: Nice small extension! Worked like a charm until today: I keep on getting a popup complaining my resolver/server doesn't support DNSSEC every minute. I disabled the extension till a solution will be implemented.
- (2013-04-09) Ath Athanasius: I thought this was working perfectly, i.e. it shows the grey icon for 'Not secured by DNSSEC' on most sites, but the green one on my own domain which I know is. However I keep on getting a popup complaining my resolver/server doesn't support DNSSEC, when it definitely does as evidenced both by prior testing and this extension showing the green icon for my own domain. This is on a static ADSL 2+ connection with 'Use system settings' (which means my own local bind 9 instance on a Debian stable system on the local network).
- (2012-12-24) Anna Litvinova: labs.nic.cz: Domain is signed, but chain of trust can not be established.
- (2012-11-30) Teodor MICU: "Domain is signed, but chain of trust can not be established." This is displayed on all DNSSEC enabled sites, pro bably due to being unable to verify one IPv6 root server -- no IPv6 from ISP here.