From ArchWiki
Revision as of 14:14, 28 October 2010 by Harvie (talk | contribs) (→‎See Also: page moved)
Jump to navigation Jump to search


DNSSEC Packages

Howto enable DNSSEC in specific software

If you want full support of DNSSEC, you need each single application to use DNSSEC validation. It can be done using several ways:

OpenSSH (fixes only weak point in SSH design)

Firefox (secure browsing - enchancment of HTTPS)

Chromium/Google Chrome (secure browsing - enchancment of HTTPS)

  • Vote for #50874
    • Patches not yet...
    • DNSSEC Drill extension (EXPERIMENTAL!)
      • you need ldns and dnssec-root-zone-trust-anchors packages for this plugin

Bind (serving signed DNS zones)

Postfix (fight spam and frauds)

  • dnssec-tools + patch

jabberd (fight spam and frauds)

  • dnssec-tools + patch

Thunderbird (secure logins)

  • dnssec-tools + patch

lftp (secure downloads and logins)

  • dnssec-tools + patch

wget (secure downloads)

  • dnssec-tools + patch


  • dnssec-tools + patch

Sendmail (fight spam and frauds)

  • dnssec-tools + patch


  • dnssec-tools + patch

ncftp (secure downloads and logins)

  • dnssec-tools + patch

libpurple (pidgin + finch -> secure messaging)

  • no patches yet
  • Vote for #12413

DNSSEC Hardware

You can check if your router/modem/AP/etc... supports DNSSEC (many different features) using dnssec-tester (Python & GTK+ based app) to know if it's DNSSEC compatible and using this tool you can also upload gathered data to server, so other users and manufacturers can be informed about compatibility of their devices and eventualy fix the firmware (they will be probably urged to do so). (Before running tester please make sure, that you do not have any other nameservers in /etc/resolv.conf). You can also find the results of performed tests on dnssec-tester website.

See Also