From DNSSEC-Tools
Revision as of 11:12, 19 February 2009 by Tewok (Talk | contribs) (DNSSEC-Tools tools TODOs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


  • 1 = Must implement
  • 2 = Implement only if we find it to be useful
  • 3 = On our wish list, no immediate plans of implementing



Pri Piece Creator Status
1 Opportunistic encryption Story patches in SVN, should be available in 1.3 release
2 One of {NFS, Samba} or something similar - -
2 ENUM/SIP - -
2 Radius - -

Internet Applications

Pri Piece Creator Status
1 Firefox 1.5.x Hardaker final tweaks
1 Jabberd 2.0 Story final tweaks
1 Sendmail MTA Abhijit done
1 Postfix MTA Mike almost done
1 libspf2 and SPFMilter Abhijit done
1 Gaim/libgaim - -
1 Thunderbird Email client - -
2 RSS Reader - -
2 SPAM BL fetching - -
2 Wireshark (looking for validation errors/stealth mode operation) - -

Open source tools

Pri Piece Creator Status
1 SSH Story final tweaks
1 wget Baer implemented and patch will be in DT 1.2
1 lftp Story bailed when cvs branch lftp-3-4-7 failed to configure/build on FC5 (note to self: try to build original code before wasting time developing patch)
1 ncftp Story implemented and patch will be in DT 1.2
1 proftpd Story implemented and patch will be in DT 1.2; Note: vsftpd (included in RHEL) does practically nothing with DNS names.
1 rsync - -
1 KDE - -
2 dump/restore - -
2 cvs/svn - -
2 curl - -
3 Other FTP Clients: ftp, gftp, lftp - -


Pri Piece Creator Possible Change
1 zonesigner Morrison Multiple zones in a keyrec file have problems with signing sets. (see mail from Suresh)
1 zonesigner Morrison The initial zone line for each zone keyrec may not always be added. (see mail from Suresh)
1 zonesigner Morrison zonesigner should generate a warning if two different key tags collide during key generation. (request from 10/07 SNIP workshop)
1 zonesigner Morrison Offline operation for zonesigner/rollerd -- don't want keys online. (request from 10/07 SNIP workshop)
3 zonesigner Morrison Abstract the keygen and zonesign operations so non-BIND packages can be used.
3 zonesigner Morrison Make sure the GUI interface is up-to-date.
3 zonesigner Morrison It'd be nice to allow for multiple zones in a single keyrec file. (request from 10/07 SNIP workshop)
1 rollerd Morrison There appear to be problems with the "roll all ZSKs" user command.
1 rollerd Morrison Must allow for automated removal from KSK phase 6.
1 rollerd Morrison KSK rollover isn't quite right. (see mail from Suresh from around 10/16/08)
3 rollerd Morrison There should be a "roll all KSKs" command.
3 rollerd/rollctl Morrison Add -rollonce. (requested by Wes Hardaker) (already implemented?)
3 rollerd Morrison Tests and demos start KSK rollover immediately, even when this shouldn't necessarily be done.
3 rollctl Morrison "rollctl -zsargs" needs an all-zone wildcard.
3 Morrison It might be useful to modify rollrec files to allow zone groups. In addition to this module, this change would probably require changes most of the roll tools. Depending on how it's implemented, rollerd may not need mods.
3 roll tools Morrison It'd be nice to administratively separate the role-bassed stuff. (requested by Wes Hardaker)
3 blinkenlights Morrison Add a "Roll KSK" command.
3 blinkenlights Morrison Going to "show no keys" seems to require a two-stage window update. It'd be nice if this was a single operation.
3 blinkenlights Morrison Sometimes clicking on domain or status gives an error:

"Tk::Error: Can't call method "PathName" on an undefined value at /usr/bin/blinkenlights line 2116. <Button> (command bound to event)". Looks like it's related to "Hide All Keysets" command.

3 dtconf-editor Morrison It'd be nice to have a GUI for creating and editing DNSSEC-Tools configuration files.
3 dtinitconf Morrison This tool should help with finding the location of the BIND tools.
1 rollrec-editor Morrison Choosing the "Exit" command causes a segmentation fault. This is not a good thing.
3 rollrec-editor Morrison An "Undo" command would be very nice.
3 open issue Morrison Should rollerd allow simultaneous KSK and ZSK rollovers for a particular zone.

Suites (All Pri 1)

  • Possibly different suites ... each tailored to a class of zone operators. Each suite will wrap around
    • Editors (for zone files)
    • Wizard
      • Upload Zone
      • Sign
      • Test
      • Master / Slave
    • Key Rollover
    • Docs
    • Parent Upload
    • Policy
    • Resolver Config

Policy Tools (All Pri 1)

  • Manage DNSSEC-related policies: resolver-level
Pri Piece Creator Status
  • Manage DNSSEC-related policies: enterprise-level
  • last-hop?
  • Trust Anchor Configuration
    • link to libsres/ libval?
    • configuration
    • rollover client management

Parent-child tools (All Pri 1)

  • Support for different types of parent zones