dnssec signing tools
Evan Hunt
each at isc.org
Sun Mar 21 17:50:56 UTC 2010
> I should have been more specific.. What dnssec tools do the folks at ISC
> recommend.. I am scheduled for a 5 day class in Arlington, VA in May 2010
The ones we provide are dnssec-keygen and dnssec-signzone, which are
included with BIND. Also, named itself--as of BIND 9.7.0, it can sign
your zones automatically and even roll your keys on schedule. (It can't
generate the keys for you, though; you have to do that by hand.)
ZKT and dnssec-tools seem to be very cool, but I haven't used them
extensively. ZKT is included with BIND in the contrib directory.
For validation testing, the best tool I know of is drill, which is
included with Unbound.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list