David Blacka edited this page Jun 20, 2019 · 3 revisions

Welcome to the jdnssec-tools wiki!

This is a collection of Java-based DNSSEC command-line tools. They are intended as an addition to, or a replacement for, the DNSSEC tools that are part of BIND 9.

This project includes a number of command-line tools:

  • jdnssec-signzone: This is a DNSSEC zone signer. It supports normal RFC 4035 signing, as well as signing using NSEC3.
  • jdnssec-verifyzone: This is a tool to verify that a zone was correctly signed. It checks that all signatures are valid, all expected signatures exist, all expected NSEC or NSEC3 records exist and are correctly formed, and that the NSEC/NSEC3 chain is correctly formed.
  • jdnssec-zoneformat: This is a simple tool for reformatting a zone (possibly signed by another set of tools) into a known format, to make it easier to compare zones via tools like 'diff'. This tool can also be used to annotate NSEC3 records with original owner names (similar to the output of jdnssec-signzone).
  • jdnssec-keygen: This is a DNSSEC key generation tool.
  • jdnssec-dstool: This is a simple tool for generating DS (or DLV) records from DNSKEY records.
  • jdnssec-keyinfo: This is a simple DNSKEY introspection tool.
  • jdnssec-signkeyset: A tool for (self) signing bare DNSKEY RRsets.
  • jdnssec-signrrset: A tool for signing bare RRsets with given keys.