The SK-DNSSEC extension is released as a patch to BIND9, under a BSD-style
license.
Details about installation and configuration
steps can be found here.
Latest release: the source code is currently not
maintained anymore, but can be provided upon request.
To-Do List for future releases
- DNS messages are handled as opaque data and are authenticated by
appending binary data at the end of the message. A more elegant solution
would be to store the additional authenticating SK-DNSSEC binary data as a
"meta-record", a la TSIG.
- clarify the use of GOOD_ONLY, PARTIAL_ONLY flag in the isc_entropy_get() in the ISC
library.
- find a way to ask for a root certificate only (right now a root
certificate request is always combined with a regular DNS query).
- the key shared by a name server with its parent must not necesarilly be in the
shared_keys_list. The key should be moved outside the shared_key_list, since
a name server will always have only one key shared with its parent.
Past releases:
- SK-DNSSEC 2004-02-26
- source code: skdnssec-20040226.tar.gz
- list of known bugs
If you download the SK-DNSSEC code, please subscribe to the
skdnssec-users mailing
list. Announcements will be posted to this mailing list.
We encourage and appreciate your feedback.