2.1.13
/ June 26, 2023; 10 months ago (2023-06-26)[2]
Repository
github.com/opendnssec/opendnssec
Written in
C, C++
Operating system
Linux, FreeBSD, NetBSD, Mac OS X, Solaris
Type
DNSSEC
License
BSD
Website
www.opendnssec.org
SoftHSM
Stable release
2.6.1
/ April 29, 2020; 4 years ago (2020-04-29)[3]
Repository
github.com/opendnssec/SoftHSMv2
Written in
C++
Operating system
Linux, FreeBSD, NetBSD, Mac OS X
License
BSD
Website
www.opendnssec.org
OpenDNSSEC is a computer program that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures DNS zone data just before it is published in an authoritative name server. OpenDNSSEC takes in unsigned zones, adds digital signatures and other records for DNSSEC and passes it on to the authoritative name servers for that zone. All keys are stored in a hardware security module and accessed via PKCS #11, a standard software interface for communicating with devices which hold cryptographic information and perform cryptographic functions. OpenDNSSEC can be paired with SoftHSM which provides a Software emulation of a hardware security module.[4]
OpenDNSSEC runs two dedicated daemons these are ods-enforcerd which acts as a enforcer Engine Daemon with the role of enforcing the KASP (Key and Signing Policy), and the ods-signerd which carries out actual signing of the zone. A DNS zone will failed to be signed if either process fail.
The ods-enforcer client program may be used to interact with the enforcer Engine and can be used to initiate such actions as a key rollover manually.
OpenDNSSEC uses the Botan cryptographic library, and SQLite or MySQL as database back-end. It is used on the .fr,[5].se, .dk, .nl,[6].nz[7] and .uk top-level domains.[8]
^"NEWS". OpenDNSSEC. 1.0.0. 9 February 2010. Retrieved 18 June 2022 – via GitHub.
^"OpenDNSSEC 2.1.13".
^"SoftHSM 2.6.1".
^"OpenDNSSEC » SoftHSM". OpenDNSSEC.org. Retrieved 29 January 2024.
^Levigneron, Vincent. "DNSSEC: change of algorithm for the .fr zone". Afnic. Retrieved 30 January 2024.
^Ubbink, Stefan. "New DNSSEC algorithm for .nl". www.sidn.nl. Retrieved 10 February 2024.
Security Extensions (DNSSEC) to further enhance Internet security. OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures DNS zone...
designed around DNSSEC concepts. mysqlBind, the GPL DNS management software for DNS ASPs, now supports DNSSEC. OpenDNSSEC is a designated DNSSEC signer tool...
to store the key material that is used to sign large zonefiles. OpenDNSSEC is an open-source tool that manages signing DNS zone files. On January 27,...
House OpenDocument Spreadsheet file format Online dating service Operational data store, an intermediate data warehouse for databases OpenDNSSEC, a security...
members of NLnet. They develop DNS-related software, such as NSD, Unbound, OpenDNSSEC and getDNS. The roots of NLnet Labs have their origins in the NLnet Foundation...
Firefox – a web browser Mozilla Thunderbird – an email client OpenDNSSEC – a DNSSEC signer OpenSSL – TLS/SSL library (with engine_pkcs11) GnuTLS – TLS/SSL...
HKPS, HKPS+DNSSEC+DANE, HTTPS, HTTPS+HPKP or HTTPS+HPKP+DNSSEC+DANE. If a vast number of user's group create their own new DLV based DNSSEC registry, and...
IETF. It fully supports the DNSSEC protocol since 19 March 2013. Previously, Google Public DNS accepted and forwarded DNSSEC-formatted messages but did...
project to resolve bufferbloat in home networking, support IPv6, integrate DNSSEC, for wired and wireless, to complement the debloat-testing kernel tree and...
in DNSSEC Delegation Signer (DS) Resource Records RFC 4470, Minimally Covering NSEC Records and DNSSEC On-line Signing RFC 5155, DNS Security (DNSSEC) Hashed...
DNS as KEY RRs and a private key is stored at the signer." RFC 3445, §1. "DNSSEC will be the only allowable sub-type for the KEY RR..." RFC 3755, §3. "DNSKEY...
supports DNSSEC signing and among others hosts root zone (B, K, and L root name servers), several top-level domains. Knot Resolver is an open source modern...
and 4th) OpenDNS Addresses". OpenDNS. Archived from the original on 2013-05-27. Retrieved 2011-09-21. "Setup Guide". OpenDNS. "OpenDNS DNSSEC General Availability"...
top-level resource records to delegate authoritative name servers and set up DNSSEC zone signing directly. Existing TLDs are reserved in the Handshake blockchain...
management interfaces for PowerDNS. The PowerDNS Authoritative Server supports DNSSEC as of version 3.0. While pre-signed zones can be served, it is also possible...
Secure DNS (DNSSEC) uses cryptographic digital signatures signed with a trusted public key certificate to determine the authenticity of data. DNSSEC can counter...
authentication ‒ either pre-shared or distributed using DNS (preferably with DNSSEC) ‒ and a Diffie–Hellman key exchange to set up a shared session secret from...
addressed by DNS-based Authentication of Named Entities (DANE), a part of DNSSEC, and in particular by RFC 7672 for SMTP. DANE allows to advertise support...
2, RFC 1912 section 2.4) The exception is when DNSSEC is being used, in which case there can be DNSSEC related records such as RRSIG, NSEC, etc. (RFC...
version. While djbdns does not directly support DNSSEC, there are third party patches to add DNSSEC support to djbdns' authoritative-only tinydns component...