[dnssec-deployment] Rather than hijacking the 5011 thread...

Holger Zuleger Holger.Zuleger at hznet.de
Tue Dec 2 15:59:24 EST 2008 


Dave Piscitello wrote:
> I've been studying the DNSSEC tools lists, patches, packages, etc.
> 
> I'm not an Open Source expert, at best a casual package and patch user, 
> so be gentle if I characterize this wrong.
> 
> It seems that there are several DNSSEC implementations that are asserted 
> to be production ready, but I can't connect the dots to understand how 
> any or all of these go from assertion to part of standard builds and 
> distributions for the various Linux incarnations (Red Hat, Ubuntu, 
> Debian, etc.).

For the Zone Key Tool there are ports available for FreeBSD and OpenBSD 
and it is contributed with BIND 9.6.

Holger
> 
> Your insights welcomed...
> 
> -------- Original Message --------
> From: - Mon Dec 01 10:25:56 2008
> X-Account-Key: account2
> X-UIDL: 121693
> X-Mozilla-Status: 0011
> X-Mozilla-Status2: 00000000
> X-Mozilla-Keys:
> Return-Path: <dnssec-deployment-report at shinkuro.com>
> Received: from [64.18.0.37] (HELO psmtp.com)  by fe2.hargray.com 
> (CommuniGate Pro SMTP 5.2.3)  with SMTP id 49018704 for 
> yodave at hargray.com; Mon, 01 Dec 2008 10:24:14 -0500
> Received: from source ([209.92.50.54]) by exprod5mx191.postini.com 
> ([64.18.4.10]) with SMTP;    Mon, 01 Dec 2008 10:24:15 EST
> Received: (qmail 26329 invoked by uid 3330); 1 Dec 2008 15:24:13 -0000
> Delivered-To: corecom-dave at corecom.com
> Received: (qmail 22702 invoked from network); 1 Dec 2008 15:24:12 -0000
> Received: from mail.shinkuro.com (HELO execdsl.com) (216.194.124.237) by 
> vws0101.fast.net with SMTP; 1 Dec 2008 15:24:12 -0000
> X-ListServer: CommuniGate Pro LIST 4.2.7
> List-Unsubscribe: <mailto:dnssec-deployment-off at shinkuro.com>
> List-ID: <dnssec-deployment.shinkuro.com>
> List-Archive: <http://shinkuro.com:8100/Lists/dnssec-deployment/List.html>
> Message-ID: <list-17224789 at execdsl.com>
> Sender: "DNSSEC deployment" <dnssec-deployment at shinkuro.com>
> To: DNSSEC deployment <dnssec-deployment at shinkuro.com>
> Precedence: list
> Received: from nutshell.tislabs.com ([192.94.214.100] verified)  by 
> execdsl.com (CommuniGate Pro SMTP 4.2.7)  with ESMTP id 17224795 for 
> dnssec-deployment at shinkuro.com; Mon, 01 Dec 2008 08:15:06 -0700
> Received-SPF: pass receiver=execdsl.com; client-ip=192.94.214.100; 
> envelope-from=hardaker at tislabs.com
> Received: (from uucp at localhost)    by nutshell.tislabs.com 
> (8.12.9/8.12.9) id mB1FNMh6021009;    Mon, 1 Dec 2008 10:23:22 -0500 (EST)
> Received: from nodnsquery(10.66.1.30) by nutshell.tislabs.com via csmap 
> (V6.0)    id srcAAAGCaacP; Mon, 1 Dec 08 10:23:22 -0500
> Received: from localhost (localhost.tislabs.com [127.0.0.1])    by 
> pecan.tislabs.com (Postfix) with ESMTP id 198D63F49E;    Mon,  1 Dec 
> 2008 10:21:09 -0500 (EST)
> From: Wes Hardaker <hardaker at tislabs.com>
> Cc: pawal at blipp.com (Patrik Wallstrom)
> Cc: bmanning at vacation.karoshi.com
> Organization: Sparta
> References: <list-17213313 at execdsl.com> <list-17213317 at execdsl.com>
> Date: Mon, 01 Dec 2008 07:23:49 -0800
> In-Reply-To: <list-17213317 at execdsl.com> (Patrik Wallstrom's message of 
> "Tue,    25 Nov 2008 13:55:33 +0100")
> X-Original-Message-ID: <sdbpvv2a2i.fsf at wes.hardakers.net>
> User-Agent: Gnus/5.110011 (No Gnus v0.11) XEmacs/21.4.21 (linux, no MULE)
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Subject: Re: [dnssec-deployment] RFC 5011
> X-pstn-neptune: 0/0/0.00/0
> X-pstn-levels: (S:99.90000/99.90000 CV:99.9999 R:95.9108 P:95.9108 
> M:97.0282 C:98.6951 )
> X-pstn-settings: 4 (1.5000:1.5000) s cv gt3 gt2 gt1 r p m c
> X-pstn-addresses: from <hardaker at tislabs.com> [1879/82]
> 
>>>>>> On Tue, 25 Nov 2008 13:55:33 +0100, Patrik Wallstrom 
>>>>>> <pawal at blipp.com> said:
> 
>>> Has -anyone- (other than presumeably Mike) built an implementation of
>>> RFC 5011, automated key rollover?  I'm dusting off my crufty old
>>> Threshold code, but that is not "spec".
> 
> PW> There are two implementations that I am aware of. The first one is
> PW> included with the Sparta dnssec-tools - http://www.dnssec-tools.org/
> ...
> PW> I don't think any of these tools are ready for general consumption.
> 
> Trustman is fairly solid as far as we're concerned.  Though I wouldn't
> declare it perfect we don't have any outstanding major issues and it has
> been used by a number of people.  We'd love more feedback on it's
> performance so we could actually declare it "production ready" which we
> haven't done because we're not sure of people that have done extensive
> testing with it.
> 
> 
> ------------------------------------------------------------------------
> 
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list <dnssec-deployment at shinkuro.com>.
> To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> A public archive is available here: <http://mail.shinkuro.com:8100/Lists/dnssec-deployment/>
> and older material is at
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>

-- 
Holger Zuleger / Zur Röderburg 6 / D-35315 Homberg/Ohm-Höingen /
xmpp:hoz at jabber.hznet.de / http://www.hznet.de / tel:+49 6633 642022

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5006 bytes
Desc: S/MIME Cryptographic Signature
Url : http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20081202/848d242e/attachment.bin

More information about the Dnssec-deployment mailing list