DNSSEC Key Management Tools

This is a beta release of a DNSSEC key management tool that we have been developing as part of the DISI project.

The this program suite is designed to ease DNSSEC key management. The suite provides a front-end to the BIND dnssec-signzone and dnssec-keygen tools.

The suite contains, besides a number of libraries, the following programs:

  • maintkeydb
    A shell in which you maintain your keys
  • dnssigner
    A signer that uses the key database to sign zones.
  • dnssecmaint-config
    A tool to create an initial config.
  • dnssec-copyprivate
    Copies key pairs out of the key database to a different location (Useful in combination with a dynamic zone.)

Appendix A of the documentation contains an small cookbook that may give you an idea of how these tools are used.

 

Documentaton

Extensive documentation for this tool set is availble as HTML or PDF.

Download and Installation

The installation instructions can be found in one of the appendices of the user documentation.The following components are available for signing.

Bugs and feature requests

We explicitly invite feedback, feature requests and bug reports are welcomed. Please mail net-dns-sec _at_ ripe _dot_ net.