This is a DNSsec key management add-on to ISC bind 9.9.x for zones with auto-dnssec maintain; inline-signing yes; It creates and deletes keys, submits DS or DNSKEY RRs to parent, validates chain of trust and does alarming per email if something goes wrong.
Zones may be local, public or reverse (IP4 or IP6). Initial implemented registrar is joker.com and ip registry ripe.net. Local means internal zones with local trust anchor. Intention is to have DNSsec automated completely. Design is state-table driven with transitions triggered by DNS query results or point in time reached, written in Python3. License is GPLv3, may be downloaded from here https://sourceforge.net/projects/dskm/files/ Source at GitHub: https://github.com/rabaxabel/DSKM Who implements the next registrar? I will implement manual registrar handover notification per email soon. I'm still improving my knowledge about DNSsec (Thanks list!) but DSKM is running with 3 test domains and shortend key life times for 2 months now with only minor problems. Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users