Difference between revisions of "DNSSEC"

From ArchWiki
Jump to: navigation, search
(Howto enable DNSSEC in specific software: chromium browser)
(Enabling DNSSEC using LD_PRELOAD)
Line 33: Line 33:
 
*** https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Applications
 
*** https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Applications
 
** some tools https://www.dnssec-tools.org/wiki/index.php/DNSSEC-Tools_Components
 
** some tools https://www.dnssec-tools.org/wiki/index.php/DNSSEC-Tools_Components
 +
*** https://www.dnssec-tools.org/wiki/index.php/Applications
 +
** libval-shim LD_PRELOAD library to enable DNSSEC for lots of DNSSEC unaware programs http://www.dnssec-tools.org/docs/tool-description/libval_shim.html
 
** [[PERL]] API
 
** [[PERL]] API
 
* '''openssh-dnssec''' http://aur.archlinux.org/packages.php?ID=39296
 
* '''openssh-dnssec''' http://aur.archlinux.org/packages.php?ID=39296
Line 44: Line 46:
 
== Howto enable DNSSEC in specific software ==
 
== Howto enable DNSSEC in specific software ==
  
 +
If you want full support of DNSSEC, you need each single application to use DNSSEC validation. It can be done using several ways:
 +
* patches
 +
** https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Applications
 +
** https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Application_Development
 +
* plugins, extensions, wrappers
 +
* universal LD_PRELOAD wrapper
 +
** libval-shim from dnssec-tools: http://www.dnssec-tools.org/docs/tool-description/libval_shim.html
 +
* DNS proxy
  
https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Applications
 
  
 
=== [[OpenSSH]] (fixes only weak point in SSH design) ===
 
=== [[OpenSSH]] (fixes only weak point in SSH design) ===
Line 66: Line 75:
 
** [http://chromium.googlecode.com/issues/attachment?aid=-8803347052009476090&name=chromium-drill-dnssec-validator.zip&token=6e3489c4e5c62bfaae02516be442d7da DNSSEC Drill extension] (EXPERIMENTAL!)
 
** [http://chromium.googlecode.com/issues/attachment?aid=-8803347052009476090&name=chromium-drill-dnssec-validator.zip&token=6e3489c4e5c62bfaae02516be442d7da DNSSEC Drill extension] (EXPERIMENTAL!)
 
*** you need ldns and dnssec-root-zone-trust-anchors packages for this plugin
 
*** you need ldns and dnssec-root-zone-trust-anchors packages for this plugin
 
  
 
=== [[Bind]] (serving signed DNS zones) ===
 
=== [[Bind]] (serving signed DNS zones) ===

Revision as of 18:38, 2 August 2010

Tango-document-new.pngThis article is a stub.Tango-document-new.png

Notes: please use the first argument of the template to provide more detailed indications. (Discuss in Talk:DNSSEC#)


Facts


DNSSEC Packages


Howto enable DNSSEC in specific software

If you want full support of DNSSEC, you need each single application to use DNSSEC validation. It can be done using several ways:


OpenSSH (fixes only weak point in SSH design)

Firefox (secure browsing - enchancment of HTTPS)

Chromium/Google Chrome (secure browsing - enchancment of HTTPS)

Bind (serving signed DNS zones)

Postfix (fight spam and frauds)

  • dnssec-tools + patch

jabberd (fight spam and frauds)

  • dnssec-tools + patch

Thunderbird (secure logins)

  • dnssec-tools + patch

lftp (secure downloads and logins)

  • dnssec-tools + patch

wget (secure downloads)

  • dnssec-tools + patch

proftpd

  • dnssec-tools + patch

Sendmail (fight spam and frauds)

  • dnssec-tools + patch

LibSPF

  • dnssec-tools + patch

ncftp (secure downloads and logins)

  • dnssec-tools + patch