Difference between revisions of "DNSSEC"

From ArchWiki
Jump to: navigation, search
(added few links)
(added lots of links to HOWTOs + BIND to software)
Line 1: Line 1:
 
{{stub}}[[Category:Networking (English)]][[Category:Security (English)]]
 
{{stub}}[[Category:Networking (English)]][[Category:Security (English)]]
 +
 +
 
== Facts ==
 
== Facts ==
 
* http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
 
* http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
* http://linux.die.net/man/1/sshfp
+
* http://www.dnssec.net/
 +
** http://www.dnssec.net/practical-documents
 +
** http://www.dnssec.net/rfc
 +
* https://www.iana.org/dnssec/
 
* https://www.dnssec-tools.org/
 
* https://www.dnssec-tools.org/
 +
* http://linux.die.net/man/1/sshfp
 
* http://bugs.archlinux.org/task/20325 - [DNSSEC] Add DNS validation support to ArchLinux
 
* http://bugs.archlinux.org/task/20325 - [DNSSEC] Add DNS validation support to ArchLinux
 +
 +
  
 
== DNSSEC Packages ==
 
== DNSSEC Packages ==
 
* '''dnssec-root-zone-trust-anchors''' http://aur.archlinux.org/packages.php?ID=39315
 
* '''dnssec-root-zone-trust-anchors''' http://aur.archlinux.org/packages.php?ID=39315
** essential package contains keys to internet stored in /usr/share/dnssec-trust-anchors/
+
** essential package contains keys to internet from [https://www.iana.org/dnssec/ IANA] stored in /usr/share/dnssec-trust-anchors/
 
** VERY important!
 
** VERY important!
 
* '''ldns''' http://aur.archlinux.org/packages.php?ID=18996
 
* '''ldns''' http://aur.archlinux.org/packages.php?ID=18996
Line 25: Line 33:
 
*** https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Applications
 
*** https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Applications
 
** some tools https://www.dnssec-tools.org/wiki/index.php/DNSSEC-Tools_Components
 
** some tools https://www.dnssec-tools.org/wiki/index.php/DNSSEC-Tools_Components
 +
** [[PERL]] API
 
* '''openssh-dnssec''' http://aur.archlinux.org/packages.php?ID=39296
 
* '''openssh-dnssec''' http://aur.archlinux.org/packages.php?ID=39296
 
** see lower on this page
 
** see lower on this page
Line 30: Line 39:
 
** Generates DNS SSHFP-type records from SSH public keys from public keys from a known_hosts file or from scanning the host's sshd daemon.
 
** Generates DNS SSHFP-type records from SSH public keys from public keys from a known_hosts file or from scanning the host's sshd daemon.
 
** not directly related to DNSSEC, but i guess this will become very popular because of DNSSEC
 
** not directly related to DNSSEC, but i guess this will become very popular because of DNSSEC
 +
 +
  
 
== Howto enable DNSSEC in specific software ==
 
== Howto enable DNSSEC in specific software ==
 +
  
 
https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Applications
 
https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Applications
Line 42: Line 54:
 
** instantly adds minimal DNSSEC support to ssh (no SSHFP support).
 
** instantly adds minimal DNSSEC support to ssh (no SSHFP support).
 
** usage: '''alias ssh=ssh-dnssec'''
 
** usage: '''alias ssh=ssh-dnssec'''
 +
 
=== [[Firefox]] ===
 
=== [[Firefox]] ===
 
* DNSSEC Validator plugin https://addons.mozilla.org/en-US/firefox/addon/64247/
 
* DNSSEC Validator plugin https://addons.mozilla.org/en-US/firefox/addon/64247/
Line 47: Line 60:
 
** you need ldns and dnssec-root-zone-trust-anchors packages for this plugin
 
** you need ldns and dnssec-root-zone-trust-anchors packages for this plugin
 
* dnssec-tools + firefox patch: https://www.dnssec-tools.org/wiki/index.php/Firefox
 
* dnssec-tools + firefox patch: https://www.dnssec-tools.org/wiki/index.php/Firefox
 +
 +
=== [[Bind]] (serving signed DNS zones) ===
 +
* http://www.dnssec.net/practical-documents
 +
** http://www.cymru.com/Documents/secure-bind-template.html '''(configuration template!)'''
 +
** http://www.bind9.net/manuals
 +
** http://www.bind9.net/BIND-FAQ
 +
* http://blog.techscrawl.com/2009/01/13/enabling-dnssec-on-bind/
 +
* [[DNS with bind]]
 +
 
=== [[Postfix]] (fight spam and frauds) ===
 
=== [[Postfix]] (fight spam and frauds) ===
 
* dnssec-tools + patch
 
* dnssec-tools + patch

Revision as of 21:49, 31 July 2010

Tango-document-new.pngThis article is a stub.Tango-document-new.png

Notes: please use the first argument of the template to provide more detailed indications. (Discuss in Talk:DNSSEC#)


Facts


DNSSEC Packages


Howto enable DNSSEC in specific software

https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Applications

OpenSSH

Firefox

Bind (serving signed DNS zones)

Postfix (fight spam and frauds)

  • dnssec-tools + patch

jabberd

  • dnssec-tools + patch

Thunderbird

  • dnssec-tools + patch

lftp

  • dnssec-tools + patch

wget

  • dnssec-tools + patch

proftpd

  • dnssec-tools + patch

Sendmail

  • dnssec-tools + patch

LibSPF

  • dnssec-tools + patch

ncftp

  • dnssec-tools + patch