PowerDNS now offers DNSSEC for testing as online signing tool


PowerDNS now offers PowerDNSSEC, an online signing tool that is ready for trial in test zones.  Bert Hubert of Netherlabs Computer Consulting BV notes that “PowerDNS is carrier-grade supported open source. We expect our DNSSEC implementation to be suitable for deployment soonish. PowerDNSSEC will allow you to continue operating as normal in many cases, with only slight  changes to your installation. There is no need to run signing tools, nor is there a need to rotate keys or run scripts.”

PowerDNS supports:
  • NSEC
  • NSEC3 in ordered mode (pre-hashed records)
  • NSEC3 in narrow mode (unmodified records)
  • (as discussed here earlier in the week)
  • Being a ‘signing-slave’ for legacy hidden master
  • Zone transfers (for NSEC)
  • Import of ‘standard’ private keys from BIND/NSD
  • Export of ‘standard’ private keys
  • RSASHA1
  • “Pure” PostgreSQL, SQLite3 & MySQL operations
  • Hybrid BIND/PostgreSQL/SQLite3/MySQL operation

You can access documentation for PowerDNSSEC and  use a wiki to learn more about PowerDNSSEC configuration, help and known issues.

Comments are closed.