DNSSEC-Tools Components

From DNSSEC-Tools

The DNSSEC-Tools package is a very broad package that has many tools relating to DNS and DNSSEC. Some of the tools are fairly generic and are usable even if DNSSEC deployment isn't intended. The majority of them, however, are designed to help operators and users when deploying DNSSEC.

Please see our Installing DNSSEC-Tools page to obtain these tools, applications, patches, etc...

Some of the administration tools have optional GUI interfaces. Their CLI support is generally better, but the GUI support exists to help newer users configure application options without requiring as much advanced manual page reading.

The DNSSEC-Tools listed below are divided into groups based on need. Different people will need different components, and thus you should find the list that is most useful for you to start with. Be sure to look at the list of Tutorials as well, which will help you get started with each tool set.

Contents 1 DNSSEC-Tools Components 1.1 Zone Administration Tools 1.2 Authoritative Domain Name Server Tools 1.3 Recursive Domain Name Server Tools 1.4 Application/Script Writers 1.5 End Users (DNSSEC Native Applications) 1.6 DNS Error Checking Tools

DNSSEC-Tools Components

Zone Administration Tools
zonesigner	Manual Example CLI Help	Will generate keys and sign zones with one command.
donuts	Manual Example CLI Help	Error check the contents of your zone. You can extend it by Writing your own rules donuts does general DNS error checking including DNSSEC-specific checks.
mapper	Manual Example CLI Help	Graphically display the contents of your zone

Authoritative Domain Name Server Tools
zonesigner	Manual Example CLI Help	Will generate keys and sign zones with one command.
rollerd	Manual Example CLI Help	Automatic key rollover. A daemon which automatically (or manually) steps through updating Zone Signing and Key Signing Keys for a set of zones. It can be controlled while running with rollctl.
rollctl	Manual Example CLI Help	Send commands to daemon rollerd without restarting rollerd.
donuts	Manual Example CLI Help	Error check the contents of your zone. You can extend it by Writing your own rules donuts does general DNS error checking including DNSSEC-specific checks.
donutsd	Manual Example CLI Help	Daemon that regularly checks the contents of a set of zonees.
mapper	Manual Example CLI Help	Graphically display the contents of your zone
dnspktflow	Manual Example CLI Help	Visually trace DNS packets being sent on the network.
logwatch	Example	Included in current versions of logwatch A logwatch plugin for DNSSEC parsing of the BIND server's system logging messages.

Recursive Domain Name Server Tools
trustman	Manual CLI Help	Detects key changes in trust anchors (TAs), it can update TAs and it can run as a daemon.
dnspktflow	Manual Example CLI Help	Visually trace DNS packets being sent on the network.
logwatch	Example	Included in current versions of logwatch A logwatch plugin for DNSSEC parsing of the BIND server's system logging messages.

Application/Script Writers
libval libsres	Manual Manual	C libraries that implement DNSSEC aware DNS resolution APIs.
libval_shim	Manual	Preload shim library - maps DNS calls in legacy apps to equivalent DNSSEC functions.
Maketestzone	Manual	Generate a test dnssec zone that can be used to test DNSSEC validators.
Perl Modules:
Net::DNS::ZoneFile::Fast	Manual	Quickly read and parse a zone file into Net::DNS object records.
Net::DNS::SEC::Validator	Manual	Perl bindings to the libval and libsres libraries.
Net::addrinfo	Manual	interface to POSIX getaddrinfo and related constants, structures and functions

End Users (DNSSEC Native Applications)
Firefox	README	Patch to add DNSSEC support to Firefox
Sendmail	HowTo	Patch to add DNSSEC support to Sendmail
Postfix	2.3.x HowTo 2.2.x HowTo Example	Patch to add DNSSEC support to Postfix
LibSPF	HowTo	Patch to add DNSSEC support to Libspf2
Thunderbird	README	Patch to add DNSSEC support to Thunderbird
ssh	README	Patch to add DNSSEC support to ssh
lftp	HowTo	Patch to add DNSSEC support to lftp
wget	HowTo	Patch to add DNSSEC support to wget
ncftp	HowTo	Patch to add DNSSEC support to ncftp
proftpd	HowTo	Patch to add DNSSEC support to proftpd
jabberd		Patch to add DNSSEC support to jabberd

DNS Error Checking Tools
dnspktflow	Manual Example CLI Help	Visually trace DNS packets being sent on the network.
validate	Manual CLI Help	command line DNS validation checking (similar to dig). This is part of the libval and libsres package.
mapper	Manual Example CLI Help	Graphically display the contents of your zone
trustman	Manual CLI Help	Detects key changes in trust anchors (TAs), it can update TAs and it can run as a daemon.
donuts	Manual Example CLI Help	Error check the contents of your zone. You can extend it by Writing your own rules donuts does general DNS error checking including DNSSEC-specific checks.
logwatch	Example	Included in current versions of logwatch A logwatch plugin for DNSSEC parsing of the BIND server's system logging messages.