You're viewing an archived page. It is no longer being updated.
DNSSEC Key Management Tools
This is a beta release of a DNSSEC key management tool that we have been developing as part of the DISI project.
The this program suite is designed to ease DNSSEC key management. The suite provides a front-end to the BIND dnssec-signzone and dnssec-keygen tools.
The suite contains, besides a number of libraries, the following programs:
- maintkeydb
A shell in which you maintain your keys - dnssigner
A signer that uses the key database to sign zones. - dnssecmaint-config
A tool to create an initial config. - dnssec-copyprivate
Copies key pairs out of the key database to a different location (Useful in combination with a dynamic zone.)
Appendix A of the documentation contains an small cookbook that may give you an idea of how these tools are used.
Documentaton
Extensive documentation for this tool set is availble as HTML or PDF.
Download and Installation
The installation instructions can be found in one of the appendices of the user documentation.The following components are available for signing.
- Bundle-Private-KeystoreSignerPre-1.004: A bundle to ease installation of prerequisite modules
- Net-DNS-SEC-Maint-Key-0.013: Provides the DNSSEC key database and the applications to maintain the keys.
- Net-DNS-SEC-Maint-Zone-0.012: Provides the zone signer that interfaces with the key database.
- Net-DNS-SEC-Maint-ZoneSigner-0.00_01: Provides a SOAP client for the signer. See the documentation for more information about this functionality.
Bugs and feature requests
We explicitly invite feedback, feature requests and bug reports are welcome.