VeriSign DNSSEC Tools

This is a collection of java-based DNSSEC command line tools.They are intended to be an addition or replacement for the DNSSEC tools that are part of BIND 9.

These tools depend upon DNSjava, the Jakarta Commons CLI and Sun's Java Cryptography extensions. A copy of each of these libraries is included in the distribution. Currently, these tools use a custom version of the DNSjava library (for NSEC3 support), which is provided.

Binary and Source packages
Binary: jdnssec-tools-0.8.4.tar.gz
Source: jdnssec-tools-0.8.4-src.tar.gz

The tools included in this package are:

jdnssec-signzone
This is a dnssec zone signer. It supports normal RFC 4035 signing, as well as signing using NSEC3.
jdnssec-keygen
This is a DNSSEC key generation tool.
jdnssec-verifyzone
This is a tool to verify all of the signatures in a zone for cryptographic validity. It does not check to see if the zone is otherwise correctly signed.
jdnssec-zoneformat
This is a simple tool for reformatting a zone (possibly signed by another set of tools) into a known format, to make it easier to compare zones via tools like 'diff'.
jdnssec-dstool
This is a simple tool for generating DS (or DLV) records from DNSKEY records.

The source for this project is also available via a subversion repository: http://svn.verisignlabs.com/main/dnssec/sectools/trunk. The modified DNSjava library can be found at: http://svn.verisignlabs.com/main/dnssec/dnsjava/trunk.

There is a mailing list available for the discussion of these tools: dnssec@verisignlabs.com. You must be a subscriber to the list to post. General questions, comments, or complaints may be sent to dnssec-questions@verisignlabs.com

© Copyright VeriSign, Inc. 2004-2006