That is the goal after all. Is there anyone currently working on this? I would like to contribute wherever possible, as I use this library daily and am committed to Python. So functions like these I will need.

--
Brian Smith




On 04/08/2011 11:42 AM, Bob Halley wrote:
> On 7 Apr 2011, at 19:56, Brian Smith wrote:
>
>> Hello,
>>
>> I'm trying to sign a zone; however, I would like to have other users' input
>> here. Am I doing this correctly? Is there a shortcut in dnspython that I am not
>> seeing?
>
> dnspython does not have any code for signing zones currently, though recent
> versions of dnspython do have basic code for validating signatures.
>
> If you want to make signatures, taking a look at dns.dnssec._validate_rrsig()
> is a good place to start. In particular, it shows how to correctly compute the
> digest. The code you included for generating digests was not correct.
>
> Maintaining a secure zone is complicated and tedious, which is why dnspython
> doesn't yet do it :) Signing the rdata is just the start of the fun. You also
> need to deal with NSEC and/or NSEC3, and a good solution would also deal with
> signature regeneration and key rollover.
>
> /Bob

_______________________________________________
dnspython-users mailing list
[email protected]
http://howl.play-bow.org/mailman/listinfo.cgi/dnspython-users
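
The digest input that the reply above refers to, built as RFC 4034 section 3.1.8.1 specifies, as an added example that is not part of the original thread and is not dnspython's code. The function names, the `sig` dictionary layout and the sample values are assumptions made for this illustration; it uses only the standard library and expects RDATA already in canonical wire form.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical wire form of a domain name: lowercase, uncompressed."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def rrsig_signed_data(owner, rdtype, rdclass, rdatas, sig):
    """Bytes covered by an RRSIG: RRSIG RDATA (no Signature) + canonical RRset.

    rdatas: wire-format RDATA, already canonical for the type.
    sig: dict of RRSIG fields (layout assumed for this example).
    """
    data = struct.pack("!HBBIIIH", rdtype, sig["algorithm"], sig["labels"],
                       sig["original_ttl"], sig["expiration"],
                       sig["inception"], sig["key_tag"])
    data += name_to_wire(sig["signer"])
    # Wildcard-expanded owner: keep the rightmost sig["labels"] labels after "*".
    labels = [l for l in owner.lower().rstrip(".").split(".") if l]
    if len(labels) > sig["labels"]:
        labels = ["*"] + labels[len(labels) - sig["labels"]:]
    owner_wire = name_to_wire(".".join(labels))
    # RRs in canonical order (RDATA as unsigned octets), duplicates dropped,
    # each carrying the RRSIG's Original TTL rather than the served TTL.
    for rdata in sorted(set(rdatas)):
        data += owner_wire + struct.pack("!HHIH", rdtype, rdclass,
                                         sig["original_ttl"], len(rdata)) + rdata
    return data

# Constructed sample: two A records at www.example.com, RSASHA256 (algorithm 8).
SAMPLE_SIG = {"algorithm": 8, "labels": 3, "original_ttl": 3600,
              "expiration": 1304812800, "inception": 1302220800,
              "key_tag": 12345, "signer": "Example.COM."}
SAMPLE_RDATAS = [bytes([192, 0, 2, 2]), bytes([192, 0, 2, 1])]

if __name__ == "__main__":
    blob = rrsig_signed_data("WWW.Example.com.", 1, 1, SAMPLE_RDATAS, SAMPLE_SIG)
    print(len(blob), hashlib.sha256(blob).hexdigest())
```

The hash applied to these bytes is the one the RRSIG algorithm number selects; SHA-256 here matches algorithm 8 in the sample.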
