DNSSEC-Tools Components

From DNSSEC-Tools
Jump to: navigation, search

The DNSSEC-Tools package is a very broad package that has many tools relating to DNS and DNSSEC. Some of the tools are fairly generic and are usable even if DNSSEC deployment isn't intended. The majority of them, however, are designed to help operators and users when deploying DNSSEC.

Please see our Installing DNSSEC-Tools page to obtain these tools, applications, patches, etc...

Some of the administration tools have optional GUI interfaces. Their CLI support is generally better, but the GUI support exists to help newer users configure application options without requiring as much advanced manual page reading.

The DNSSEC-Tools listed below are divided into groups based on need. Different people will need different components, and thus you should find the list that is most useful for you to start with. Be sure to look at the list of Tutorials as well, which will help you get started with each tool set.

DNSSEC-Tools Components

Zone Administration Tools
zonesigner Manual
Example
CLI Help
Will generate keys and sign zones with one command.
donuts Manual
Example
CLI Help
Error creating thumbnail: File missing
Error check the contents of your zone.
You can extend it by Writing your own rules
donuts does general DNS error checking including DNSSEC-specific checks.
mapper Manual
Example
CLI Help
Error creating thumbnail: File missing
Graphically display the contents of your zone
Authoritative Domain Name Server Tools
zonesigner Manual
Example
CLI Help
Will generate keys and sign zones with one command.
rollerd Manual
Example
CLI Help
Automatic key rollover. A daemon which automatically (or manually) steps through updating Zone Signing and Key Signing Keys for a set of zones. It can be controlled while running with rollctl.
rollctl Manual
Example
CLI Help
Error creating thumbnail: File missing
Send commands to the rollerd daemon without restarting rollerd.
dtrealms Manual
Example
CLI Help
Rollover realm management. A daemon which manages multiple simultaneous rollerd environments on a single host. dtrealms can be controlled with the realmctl command.
realmctl Manual
Example
CLI Help
Send commands to the dtrealms daemon.
donuts Manual
Example
CLI Help
Error creating thumbnail: File missing
Error check the contents of your zone.
You can extend it by Writing your own rules
donuts does general DNS error checking including DNSSEC-specific checks.
donutsd Manual
Example
CLI Help
Error creating thumbnail: File missing
Daemon that regularly checks the contents of a set of zones.
mapper Manual
Example
CLI Help
Error creating thumbnail: File missing
Graphically display the contents of your zone.
dnspktflow Manual
Example
CLI Help
Error creating thumbnail: File missing
Visually trace DNS packets being sent on the network.
logwatch Example Included in current versions of logwatch
A logwatch plugin for DNSSEC parsing of the BIND server's system logging messages.
Recursive Domain Name Server Tools
trustman Manual
CLI Help
Detects key changes in trust anchors (TAs), it can update TAs and it can run as a daemon.
DNSSEC-Nodes Graphically depicts the DNSSEC results from a lookup from logfiles
dnspktflow Manual
Example
CLI Help
Error creating thumbnail: File missing
Visually trace DNS packets being sent on the network.
logwatch Example Included in current versions of logwatch
A logwatch plugin for DNSSEC parsing of the BIND server's system logging messages.
Application/Script Writers
libval
libsres
Manual
Manual
C libraries that implement DNSSEC aware DNS resolution APIs.
libval_shim Manual Preload shim library - maps DNS calls in legacy apps to equivalent DNSSEC functions.
Maketestzone Manual Generate a test dnssec zone that can be used to test DNSSEC validators.
Perl Modules:
Net::DNS::ZoneFile::Fast Manual Quickly read and parse a zone file into Net::DNS object records.
Net::DNS::SEC::Validator Manual Perl bindings to the libval and libsres libraries.
Net::addrinfo Manual interface to POSIX getaddrinfo and related constants, structures and functions
End Users (DNSSEC Native Applications)
Firefox and Bloodhound README
Error creating thumbnail: File missing
Error creating thumbnail: File missing
Patch to add DNSSEC support to Firefox
Sendmail HowTo Patch to add DNSSEC support to Sendmail
Postfix 2.3.x HowTo
2.2.x HowTo
Example
Patch to add DNSSEC support to Postfix
LibSPF HowTo Patch to add DNSSEC support to Libspf2
Thunderbird README Patch to add DNSSEC support to Thunderbird
ssh README Patch to add DNSSEC support to ssh
lftp HowTo Patch to add DNSSEC support to lftp
wget HowTo Patch to add DNSSEC support to wget
ncftp HowTo Patch to add DNSSEC support to ncftp
proftpd HowTo Patch to add DNSSEC support to proftpd
jabberd Patch to add DNSSEC support to jabberd
DNS Error Checking Tools
DNSSEC-Check
Error creating thumbnail: File missing
Check your resolvers for DNSSEC compliance.
dnspktflow Manual
Example
CLI Help
Error creating thumbnail: File missing
Visually trace DNS packets being sent on the network.
validate Manual
CLI Help
command line DNS validation checking (similar to dig). This is part of the libval and libsres package.
mapper Manual
Example
CLI Help
Error creating thumbnail: File missing
Graphically display the contents of your zone
trustman Manual
CLI Help
Detects key changes in trust anchors (TAs), it can update TAs and it can run as a daemon.
donuts Manual
Example
CLI Help
Error creating thumbnail: File missing
Error check the contents of your zone.
You can extend it by Writing your own rules
donuts does general DNS error checking including DNSSEC-specific checks.
logwatch Example Included in current versions of logwatch
A logwatch plugin for DNSSEC parsing of the BIND server's system logging messages.
DNSSEC Management Tools
blinkenlights Manual
Example
CLI Help
Error creating thumbnail: File missing
Display information on the current state of the zones rollerd is managing. Some aspects of rollerd execution and zone control may be performed with blinkenlights.
bubbles Manual
CLI Help
Error creating thumbnail: File missing
Simple display of the rollover status of zones managed by rollerd. Each managed zone is shown in a color-coded button in a window of buttons. This is a display-only tool; actual control is not allowed.
lights Manual
CLI Help
Error creating thumbnail: File missing
Very simple overview of the rollover status of zones managed by rollerd. A stoplight-style display shows those zones in normal operation, those zones in rollover, and those zones in need of manual intervention. This is a display-only tool; actual control is not allowed.
grandvizier  
Error creating thumbnail: File missing
Display information on the current state of the realms dtrealms is managing. Some aspects of dtrealms execution and realm control may be performed with grandvizier.
Webmin Integration  
Error creating thumbnail: File missing
Patch for enabling zone administration using dnssec-tools via the Webmin front-end.
Integrated into Webmin 1.590.
Network-Monitoring Tools
Nagios Plugin and Modifications  
Error creating thumbnail: File missing
A plugin and modifications to the Nagios computer and network monitoring system. The dt_zonestat plugin retrieves zone rollover status from a rollrec file. The modifications provide nicer Nagios output for the result of the dt_zonestat plugin.

These modifications have been made to Nagios version 3.2.3.

Owl Monitoring System   Monitors response time of DNS queries.
Owl Monitoring System -- IIP-local Setup   Owl monitors response time of DNS queries. This describes the setup and organization for SPARTA/Parsons' IIP group.
Zabbix Plugins  
Error creating thumbnail: File missing
Modifications to the Zabbix monitoring system.
These monitor plugins have been developed under Zabbix version 1.8.8.
This is currently under development and has not been released yet.