Announcing DSKM DNSsec key management tool ready for beta testing

Axel Rau Axel.Rau at Chaos1.DE
Mon Jun 4 21:41:24 UTC 2012

This is a DNSsec key management add-on to ISC bind 9.9.x for zones with
       auto-dnssec maintain;
       inline-signing yes;
It creates and deletes keys, submits DS or DNSKEY RRs to parent,
validates chain of trust and does alarming per email if something goes wrong.

Zones may be local, public or reverse (IP4 or IP6).
Initial implemented registrar is and ip registry

Local means internal zones with local trust anchor.

Intention is to have DNSsec automated completely.

Design is state-table driven with transitions triggered by DNS query results
or point in time reached, written in Python3.

License is GPLv3, may be downloaded from here

Source at GitHub:
Who implements the next registrar?
I will implement manual registrar handover notification per email soon.

I'm still improving my knowledge about DNSsec (Thanks list!) but DSKM
is running with 3 test domains and shortend key life times for 2 months now
with only minor problems.

PGP-Key:29E99DD6  ☀ +49 151 2300 9283  ☀ computing @ chaos claudius

More information about the bind-users mailing list