OpenDNSSEC
Encyclopedia
The OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures zone
data just before it is published in an authoritative name server. OpenDNSSEC takes in unsigned zones, adds the signatures
and other records for DNSSEC and passes it on to the authoritative name servers for that zone. All keys are stored in a Security Module
and accessed via PKCS#11
, a standard API
(software interface) for communicating with devices which hold cryptographic
information and perform cryptographic functions. DNS
is complicated, and so is digital signing; their combination in DNSSEC is even more so. The idea of OpenDNSSEC is to handle such difficulties, to relieve the administrator of them after a one-time effort for setting it up.
Uses Botan
and SQLite
.
It is used on the .SE, .DK, .NL and .UK top-level domains.
OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures zone
DNS zone
A DNS zone is a portion of the global Domain Name System namespace for which administrative responsibility has been delegated.-Definition:...
data just before it is published in an authoritative name server. OpenDNSSEC takes in unsigned zones, adds the signatures
Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...
and other records for DNSSEC and passes it on to the authoritative name servers for that zone. All keys are stored in a Security Module
Hardware Security Module
A hardware security module is a type of secure cryptoprocessor targeted at managing digital keys, accelerating cryptoprocesses in terms of digital signings/second and for providing strong authentication to access critical keys for server applications...
and accessed via PKCS#11
PKCS11
In cryptography, PKCS #11 is one of the family of standards called Public-Key Cryptography Standards , published by RSA Laboratories, that defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules and smart cards...
, a standard API
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...
(software interface) for communicating with devices which hold cryptographic
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
information and perform cryptographic functions. DNS
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
is complicated, and so is digital signing; their combination in DNSSEC is even more so. The idea of OpenDNSSEC is to handle such difficulties, to relieve the administrator of them after a one-time effort for setting it up.
Uses Botan
Botan (programming library)
Botan is a BSD-licensed cryptographic library written in C++.It provides a wide variety of cryptographic algorithms, formats, and protocols. It is used in the Monotone distributed revision control program....
and SQLite
SQLite
SQLite is an ACID-compliant embedded relational database management system contained in a relatively small C programming library. The source code for SQLite is in the public domain and implements most of the SQL standard...
.
It is used on the .SE, .DK, .NL and .UK top-level domains.