VeriSign jDNSSEC Tools

This is a collection of Java-based DNSSEC command line tools.They are intended to be an addition or replacement for the DNSSEC tools that are part of BIND 9.

These tools depend upon DNSjava, the Apache Commons CLI and Sun's Java Cryptography extensions. A copy of each of these libraries is included in the distribution. Currently, these tools use a custom version of the DNSjava library (for minor usability tweaks), which is provided.

Binary and Source packages
Binary: jdnssec-tools-0.9.6.tar.gz
Source: jdnssec-tools-0.9.6-src.tar.gz

The tools included in this package are:

jdnssec-signzone
This is a dnssec zone signer. It supports normal RFC 4035 signing, as well as signing using NSEC3.
jdnssec-keygen
This is a DNSSEC key generation tool.
jdnssec-verifyzone
This is a tool to verify all of the signatures in a zone for cryptographic validity. It does not check to see if the zone is otherwise correctly signed.
jdnssec-zoneformat
This is a simple tool for reformatting a zone (possibly signed by another set of tools) into a known format, to make it easier to compare zones via tools like 'diff'.
jdnssec-dstool
This is a simple tool for generating DS (or DLV) records from DNSKEY records.
jdnssec-keyinfo
This is a simple DNSKEY introspection tool.
jdnssec-signkeyset
A tool for (self) signing bare DNSKEY RRsets.

The source for this project is also available via a subversion repository: http://svn.verisignlabs.com/main/dnssec/sectools/trunk. The modified DNSjava library can be found at: http://svn.verisignlabs.com/main/dnssec/dnsjava/trunk.

There is a mailing list available for the discussion of these tools: dnssec@verisignlabs.com. You must be a subscriber to the list to post. General questions, comments, or complaints may be sent to dnssec-questions@verisignlabs.com