This is a beta release of a DNSSEC key management tool that we have been
developing as part of the RIPE NCC DISI project.
The this program suite is designed to ease DNSSEC key
management. The suite provides a front-end to the BIND dnssec-signzone
and dnssec-keygen tools.
The
suite contains, besides a number of libraries, the following programs:
- maintkeydb
A shell in which you maintain your keys
- dnssigner
A signer that uses the key database to sign zones.
- dnssecmaint-config
A tool to create an initial config.
-
dnssec-copyprivate
Copies key pairs out of the key database to a different location
(Useful in combination with a dynamic zone.)
Appendix A of the
documentation contains an small cookbook that may give you an idea
of how these tools are used.
Documentaton
Extensive documentation for this tool set is availble as html or PDF.
Download and Installation
The installation instructions can be found in
one of the appendices of
the user documentation..
The following components are available for signing.
Bugs and feature requests
We explicitly invite feedback, feature requests and bug reports are
welcomed. Please mail
olaf@nlnetlabs.nl.