DNSSEC implementations @ IETF-60
2004/08/02
Olafur Gudmundsson
Key management tools
• Bind-9.3.0 dnssec-keygen:
  • Generates DNSKEY and KEY records depending on input parameters.
• Net::DNS::SEC::Maint::Key
  • Toolkit for maintaining keys for zone signing.
  • Olaf Kolkman
Trust anchor tools
• Net-DNS-SEC-Utils-TrustedKeys
  • Tool to keep trust anchors up to date using an n-of-m schema
  • Olaf Kolkman
• RB-TrustAnchor
  • Tool to keep trust anchors up to date using the revoke bit schema
  • Olafur Gudmundsson
Zone signing
• Bind-9.3.0: dnssec-signzone
  • Fully signs a zone
• NIST Secure Zone Integrity Tester
  • Tool to check a zone before and after signing for compliance with DNSSEC-bis.
Serving
• NSD:
  • Authoritative server
    • Full support
• Bind-9.3.0:
  • Authoritative server
    • Full support
  • Recursive validating server:
    • Full support
End Resolvers
• Bind-9.3.0 www.isc.org
  • Stub resolver with TSIG and AD support.
  • Dig: +sigchase is a simple DNSSEC validator with supplied trust anchors.
• DNSJava
  • Stub resolver with TSIG and AD support
• Drill
  • Simple DNSSEC testing tool
  • Miek Gieben
Documentation
• DNSSEC HowTo
  • Olaf Kolkman (not ready yet)
• NIST 800 series document - DNS Security Administrators Guide
  • Scott Rose http://www-x.antd.nist.gov/dnssec
Testing tools
• DNSSEC server benchmark test
  • Scott Rose http://www-x.antd.nist.gov/dnssec
DNS(sec) API
• Some of the efforts claim to have an exported API, but they are not the same.
• Do we need to standardize a DNS API?
  • GetRRsetByName()
  • ???
Final comments
• Good number of early tools
  • Only tools reported to me are included; there are some other projects out there.
• Looking forward: to advance the DNSSEC-bis documents we need two independent implementations of all functional units.
  • Close, but some more are needed; in particular we would like more recursive caching resolvers.