Domain Name System Security Extensions - Tools

Tools

DNSSEC deployment requires software on the server and client side. Some of the tools that support DNSSEC include:

  • Windows 7 and Windows Server 2008 R2 include a "security-aware" stub resolver that is able to differentiate between secure and non-secure responses by a recursive name server.
  • BIND, the most popular DNS name server (which includes dig). Version 9.3 implemented the newer DNSSEC-bis (DS records) although it did not support NSEC3 records. BIND 9.6 was released in December 2008 and has full support for NSEC3 records.
  • Drill is a DNSSEC-enabled dig-like tool bundled with ldns.
  • Drill extension for Firefox adds to Mozilla Firefox the ability to determine if a domain can be verified using DNSSEC.
  • DNSSEC-Tools aims at providing easy to use tools for helping all types of administrators and users make use of DNSSEC. It offers tools for administrators of Authoritative Zones, Authoritative Server, and Recursive Servers as well as a library and tools for Application Developers and existing patches for extending common applications.
  • Phreebird is a DNS proxy that can add DNSSEC support on top of any other DNS server.
  • Zone Key Tool is a software designed to ease the maintenance of DNSSEC aware zones. It's primarily designed for environments with a small to medium number of zones and provides a full automatic zone signing key rollover as well as automatic resigning of the zone.
  • Unbound is a DNS name server that was written from the ground up to be designed around DNSSEC concepts.
  • GbDns is a compact, easy-to-install DNSSEC name server for Microsoft Windows.
  • mysqlBind The GPL DNS management software for DNS ASPs now supports DNSSEC.
  • OpenDNSSEC is a designated DNSSEC signer tool using PKCS#11 to interface with Hardware Security Modules.
  • SecSpider tracks DNSSEC deployment, monitors zones, and provides a list of observed public keys.
  • DNSViz and DNSSEC Analyzer are Web-based tools to visualize the DNSSEC authentication chain of a domain.
  • DNSSEC Validator is a Mozilla Firefox addon for visualization of DNSSEC status of the visited domain name.
  • DNSSHIM or DNS Secure Hidden Master is an open-source tool to automatize DNSSEC supported zones provisioning process.
  • Net::DNS::SEC is a DNS resolver implemented in Perl.

Read more about this topic:  Domain Name System Security Extensions

Famous quotes containing the word tools:

    There is a great satisfaction in building good tools for other people to use.
    Freeman Dyson (b. 1923)

    No man is born into the world, whose work
    Is not born with him; there is always work,
    And tools to work withal, for those who will:
    And blessèd are the horny hands of toil!
    James Russell Lowell (1819–1891)

    In child rearing it would unquestionably be easier if a child were to do something because we say so. The authoritarian method does expedite things, but it does not produce independent functioning. If a child has not mastered the underlying principles of human interactions and merely conforms out of coercion or conditioning, he has no tools to use, no resources to apply in the next situation that confronts him.
    Elaine Heffner (20th century)