Announcing DSKM DNSsec key management tool ready for beta testing
Axel.Rau at Chaos1.DE
Mon Jun 4 21:41:24 UTC 2012
This is a DNSsec key management add-on to ISC bind 9.9.x for zones with
It creates and deletes keys, submits DS or DNSKEY RRs to parent,
validates chain of trust and does alarming per email if something goes wrong.
Zones may be local, public or reverse (IP4 or IP6).
Initial implemented registrar is joker.com and ip registry ripe.net.
Local means internal zones with local trust anchor.
Intention is to have DNSsec automated completely.
Design is state-table driven with transitions triggered by DNS query results
or point in time reached, written in Python3.
License is GPLv3, may be downloaded from here
Source at GitHub:
Who implements the next registrar?
I will implement manual registrar handover notification per email soon.
I'm still improving my knowledge about DNSsec (Thanks list!) but DSKM
is running with 3 test domains and shortend key life times for 2 months now
with only minor problems.
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
More information about the bind-users