Tutorials
From DNSSEC-Tools Wiki
The DNSSEC-Tools tutorials are written in sections that are each targeted towards the needs of particular users. Feel free to read just the sections you need, or to browse through them all. If you browse them all, be aware that some tools are listed in multiple sections if they're of use to multiple types of DNSSEC-Tools users.
Contents |
How to Use DNSSEC-Tools / ShortTorials
In large part, how to use DNSSEC-Tools depends on who you are, and how you want to use DNSSEC. The following are descriptions of the expected types of uses/users of DNSSEC-Tools and links to wiki pages with short tutorials on which DNSSEC-Tools to use for that purpose and how to get up and running with those tools.
If you want to try the commands yourself, be sure to get and install DNSSEC-Tools first.
Authoritative Zone: ShortTorial
Administrators of authoritative zones will want want to setup and maintain DNSSEC supporting authoritative zones. These administrators are responsible for one or more DNS zones and want at least some of the zones to be signed with DNSSEC validated data available for the signed zones. Most administrators who are responsible for an authoritative zone are also authoritative server administrators, but not always. DNSSEC-Tools provides tools for easily signing a zone and verifying that the resulting data is valid.
Authoritative Server: ShortTorial
Administrators of authoritative servers will want to setup and maintain a DNSSEC supporting authoritative DNS server. They are responsible for one or more servers that serve out zones with signed DNSSEC validated data. With the possible exception of end applications, this where the majority of DNSSEC zone maintenance is done an where the majority of DNSSEC-Tools can help. DNSSEC-Tools provides tools for easily signing a zone, ensuring that a zone is always signed, rolling signing keys on a regular basis and verifying that the resulting data is valid.
Recursive Server: ShortTorial
Recursive server administrators will want to setup and maintain a DNSSEC aware validating recursive server. Validating servers are Domain Name Servers that perform DNS look-ups and verify the integrity of the data using DNSSEC data published with the zone records. Validating recursive servers may operate on a small or large scale. A recursive server could be run for the use of a single machine, a small network, a large enterprise or an ISP. The DNS would be configured with a list of zones that require DNSSEC validation and the trust anchors that are used as cryptographic starting points. DNSSEC-Tools provides tools for managing trust anchors, detecting and tracking trust anchor changes, as well as debugging tools for identifying the source of DNS related problems.
Using DNSSEC aware applications: ShortTorial
End-users at the desktop will want to use DNSSEC aware applications on their machine. They could be someone who wants their application to check DNSSEC validation when web browsing, making connections with ssh, or downloading files with wget. They could also be a person, group, or company that wants to have their mail (MTA) server use DNSSEC validation when sending out mail. DNSSEC-Tools provides a plethora of application patches that have been created as part of the DNSSEC-Tools project that allow various applications to support DNSSEC directly using the libval DNSSEC validating library. Read the ShortTorial for more info.
Develop DNSSEC aware applications: ShortTorial
Application developers will want to add DNSSEC support to their applications. DNSSEC-Tools' libval and libsres provide needed application-level DNSSEC validation and results to application developers.
Learn about DNSSEC firsthand: ShortTorial
Everyone will want to play with DNSSEC to figure out what it is about!
