File: README

package info (click to toggle)
dnssec-tools 1.13-1
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 16,064 kB
  • sloc: perl: 44,399; ansic: 31,547; cpp: 21,306; sh: 15,813; xml: 2,113; makefile: 1,390; pascal: 836; python: 290; csh: 11
file content (136 lines) | stat: -rw-r--r-- 4,786 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
 
# Copyright 2004-2012 SPARTA, Inc.  All rights reserved.
# See the COPYING file included with the DNSSEC-Tools package for details.
#

			     DNSSEC-Tools
			Is your domain secure?

OVERVIEW

  The goal of the DNSSEC-Tools project is to create a set of tools,
  patches, applications, wrappers, extensions, and plugins that will
  help ease the deployment of DNSSEC-related technologies.

ABOUT THE TOOLS

  For more information about this project and the tools that are being
  developed and provided, please see our project web page at:

    http://www.dnssec-tools.org/

INSTALLATION

  Most of the tools, perl modules, and other things described on the
  web page above are easily installed by following the instructions in
  the INSTALL file.  However, some of the results of this package are
  patches to external programs that will hopefully be fed back into
  those projects where possible.  In the meantime, there are patches
  included within this source tree that can be applied to those other
  projects.

CONTENTS DESCRIPTION

  The various pieces of the DNSSEC-Tools project are spread across several
  directories.  These pieces are briefly described here.

  Most of the tools take a --version flag to let you know their
  individual version number.  The numbers reported will be < 0.9 if
  they're to be considered "alpha" quality.  If >= 0.9 and < 1.0 then
  they should be considered "beta".  Version numbers of 1.0 and above
  should be considered more well-tested, robust and less likely to
  change.

  Libraries:

    validator/libsres
        A library that is capable of sending queries to, and
        receiving answers from a DNSSEC-aware name server.

    validator/libval
        A library that provides DNSSEC resource-record
        validation functionality.

  Application Patches and DNSSEC Support:

    apps/libspf2-1.x.y_dnssec
        Patches to libspf2 to provide DNSSEC validation of DNS
        queries.

    apps/mozilla
        Contains the following:
        - Patches to firefox to enable DNSSEC name
          checking validation on visited URLs.
        - Patches to thunderbird to enable DNSSEC name
          checking validation on visited URLs
        - An extension that displays DNSSEC status information
        - A thunderbird extension to display the x-dnssec field
          in the Received-SPF header.

    apps/sendmail
        Patches to sendmail and spfmilter to provide DNSSEC
        validation of DNS queries.

  Tools:

    tools/scripts
        Perl scripts for signing DNSSEC zones and maintaining
        those signed zones.  See the tools/scripts/README file
        for details.  The vast majority of the useful
        DNSSEC-Tools scripts (like zonesigner) are contained
        in this directory.

    validator/apps/validate
        A tool which can display the sequence of queries and
        their results used to validate a DNS query.  The
        stderr output of this command can serve as input to
        the drawvalmap tool described below.

    tools/donuts
        A dnssec aware zone file checker / lint-like application.

    tools/donutsd
        Runs donuts on zone files on a regular bases (eg,
        daily) and emails the results.  Useful for knowing
        when zone data breaks due to DNSSEC signatures
        expiring or other data consistency issues).

    tools/logwatch
        Patches to logwatch configuration files and scripts to
        manage log files for BIND security function.  These
        patches are now included in the recent releases of
        logwatch and may not be needed if you have a recent
        release.

    tools/dnspktflow
        A tool which can produce visual diagrams of DNS
        traffic flows which have been captured using tcpdump.

    tools/mapper
        A tool that can generate graphical maps of DNS zones,
        including color coding of DNSSEC related data.

    tools/modules
        DNSSEC-Tools Perl modules.  These modules provide interfaces
        for such things as reading configuration files and manipulating
        DNSSEC-Tools-specific data.

    tools/modules/Net-DNS-SEC-Validator
        A perl module wrapper around the libval library.

    tools/drawvalmap
        A variation of dnspktflow which can produce visual
        diagrams of DNS queries sent by the validator
        while performing DNSSEC validation.  The input for
        this command can come from the validate tool described
        above.

    tools/etc       
        Data required by DNSSEC-Tools programs.

    tools/linux/ifup-dyn-dns
        This is a script which can be used to securely
        auto-update a DNS entry when an IP address is assigned
        to an interface.

    tools/patches
        Patch files to be applied to existing programs.