Current test plans (yet to be fully realized) include fuzzing the added attack surface (i.e. throwing data blobs at the validator) as well as testing with deliberately crafted DNSSEC chains (e.g. ones with expired signatures, missing links, invalid links, etc.).
== nginx and openssl ==
The following patch adds DNSSEC-TLS functionality to nginx 1.0.4: [http://wiki.mozilla.org/File:Nginx-1.0.4-pwyll.patch.gz nginx-1.0.4-dnssec-tls.patch.gz]
This patch adds DNSSEC-TLS functionality to openssl 1.0.0d (required for nginx): [http://wiki.mozilla.org/File:Openssl-1.0.0d-pwyll.patch.gz openssl-1.0.0d-dnssec-tls.patch.gz]