Verisign jdnssec-tools

This is a collection of Java-based DNSSEC command line tools.They are intended to be an addition or replacement for the DNSSEC tools that are part of BIND 9.

These tools depend upon DNSjava, the Apache Commons CLI and Sun's Java Cryptography extensions. A copy of each of these libraries is included in the distribution. Currently, these tools use a custom version of the DNSjava library with minor modifications, which is provided.

Binary and Source packages
Binary: jdnssec-tools-0.12.tar.gz
Source: jdnssec-tools-0.12-src.tar.gz

The tools included in this package are:

jdnssec-signzone
This is a DNSSEC zone signer. It supports normal RFC 4035 signing, as well as signing using NSEC3.
jdnssec-verifyzone
This is a tool to verify a signed zone for DNSSEC correctness. This tool verifies that a zone was correctly signed. It checks that all signatures are valid, all expected signatures exist, all expected NSEC or NSEC3 records exist and are correctly formed, and that the NSEC/NSEC3 chain is correctly formed.
jdnssec-zoneformat
This is a simple tool for reformatting a zone (possibly signed by another set of tools) into a known format, to make it easier to compare zones via tools like 'diff'. This tool can also be used to annotate NSEC3 records with original ownernames (similar to the output of jdnssec-signzone.)
jdnssec-keygen
This is a DNSSEC key generation tool.
jdnssec-dstool
This is a simple tool for generating DS (or DLV) records from DNSKEY records.
jdnssec-keyinfo
This is a simple DNSKEY introspection tool.
jdnssec-signkeyset
A tool for (self) signing bare DNSKEY RRsets.
jdnssec-signrrset
A tool for signing bare RRsets with given keys.

See the Change Log for a list of recent changes.

The source for this project is also available via git on github.com:: https://github.com/dblacka/jdnssec-tools. The modified DNSjava library can be found at: https://github.com/dblacka/jdnssec-dnsjava.

There is a mailing list available for the discussion of these tools: dnssec@verisignlabs.com. You must be a subscriber to the list to post. General questions, comments, or complaints may be sent to dnssec-questions@verisignlabs.com

© Copyright Verisign, Inc. 2011