From: mod63 <mod...@gm...> - 2010-11-22 13:04:26
Hi there,

I’m currently working on a project that requires DNSSEC, the current situation is basically that I get a request from a client and based on that I generate a response i.e. Message object and send it off to the client, very basic stuff, the problem is I need to add DNSSEC to that, and that’s where I’m currently stuck.

I couldn’t find any good resources about the subject and the explanation in the dnsjava documentation wasn’t adequate.

Any help would be appreciated; I need to resolve this problem as quickly as possible.

Thanks.
From: Brian W. <bwe...@xb...> - 2010-11-22 19:34:13
On Nov 22, 2010, at 5:04 AM, mod63 wrote:

> Hi there,
>
> I’m currently working on a project that requires DNSSEC, the current situation is basically that I get a request from a client and based on that I generate a response i.e. Message object and send it off to the client, very basic stuff, the problem is I need to add DNSSEC to that, and that’s where I’m currently stuck.
>
> I couldn’t find any good resources about the subject and the explanation in the dnsjava documentation wasn’t adequate.
>
> Any help would be appreciated; I need to resolve this problem as quickly as possible.

If you want to write a DNSSEC-compliant name server, there is no resource better than the DNSSEC RFCs. There are a whole lot of them, but the important ones are probably 4034 and 4035.

You're not going to find much in the dnsjava documentation, as dnsjava doesn't include a DNSSEC-compliant name server. I think the library is complete enough that one could be written, but it definitely would not be trivial, and would likely take a considerable amount of time.

Brian
From: mod63 <mod...@gm...> - 2010-11-23 09:23:59
Brian Wellington wrote:

> On Nov 22, 2010, at 5:04 AM, mod63 wrote:
>
>> Hi there,
>>
>> I’m currently working on a project that requires DNSSEC, the current situation is basically that I get a request from a client and based on that I generate a response i.e. Message object and send it off to the client, very basic stuff, the problem is I need to add DNSSEC to that, and that’s where I’m currently stuck.
>>
>> I couldn’t find any good resources about the subject and the explanation in the dnsjava documentation wasn’t adequate.
>>
>> Any help would be appreciated; I need to resolve this problem as quickly as possible.
>
> If you want to write a DNSSEC-compliant name server, there is no resource better than the DNSSEC RFCs. There are a whole lot of them, but the important ones are probably 4034 and 4035.
>
> You're not going to find much in the dnsjava documentation, as dnsjava doesn't include a DNSSEC-compliant name server. I think the library is complete enough that one could be written, but it definitely would not be trivial, and would likely take a considerable amount of time.
>
> Brian

Thank you for the fast reply.

The javadns documentation for version 2.1.0 contains additional methods not mentioned in the online documentation such as the DNSSEC.sign() method which returns a RRSIGRecord, could you please clarify this, what's the state of the implementation? Can it be used or modified?
From: mod63 <mod...@gm...> - 2010-11-23 09:50:41
Brian Wellington wrote:

> On Nov 22, 2010, at 5:04 AM, mod63 wrote:
>
>> Hi there,
>>
>> I’m currently working on a project that requires DNSSEC, the current situation is basically that I get a request from a client and based on that I generate a response i.e. Message object and send it off to the client, very basic stuff, the problem is I need to add DNSSEC to that, and that’s where I’m currently stuck.
>>
>> I couldn’t find any good resources about the subject and the explanation in the dnsjava documentation wasn’t adequate.
>>
>> Any help would be appreciated; I need to resolve this problem as quickly as possible.
>
> If you want to write a DNSSEC-compliant name server, there is no resource better than the DNSSEC RFCs. There are a whole lot of them, but the important ones are probably 4034 and 4035.
>
> You're not going to find much in the dnsjava documentation, as dnsjava doesn't include a DNSSEC-compliant name server. I think the library is complete enough that one could be written, but it definitely would not be trivial, and would likely take a considerable amount of time.
>
> Brian

Thank you for the fast reply.

The javadns documentation for version 2.1.0 contains additional methods not mentioned in the online documentation such as the DNSSEC.sign() method which returns a RRSIGRecord, could you please clarify this, what's the state of the implementation? Can it be used or modified?
From: David B. <da...@ve...> - 2010-11-23 15:14:31
On Nov 23, 2010, at 4:50 AM, mod63 wrote:

> Thank you for the fast reply.
>
> The javadns documentation for version 2.1.0 contains additional methods not mentioned in the online documentation such as the DNSSEC.sign() method which returns a RRSIGRecord, could you please clarify this, what's the state of the implementation? Can it be used or modified?

I think what Brian is trying to say is that "adding DNSSEC" to existing DNS software is a non-trivial exercise. It isn't (nearly) enough just to call DNSSEC.sign().

DNSJava does contain the building blocks for creating (say) a DNSSEC-enabled authoritative DNS server. But it only contains a set of record types and useful, but low-level, signing and verification routines.

--
David Blacka <da...@ve...>
Principal Engineer
VeriSign Platform Product Development
From: Brian W. <bwe...@xb...> - 2010-11-23 17:42:09
On Nov 23, 2010, at 1:50 AM, mod63 wrote:

> Brian Wellington wrote:
>>
>> On Nov 22, 2010, at 5:04 AM, mod63 wrote:
>>
>>> Hi there,
>>>
>>> I’m currently working on a project that requires DNSSEC, the current situation is basically that I get a request from a client and based on that I generate a response i.e. Message object and send it off to the client, very basic stuff, the problem is I need to add DNSSEC to that, and that’s where I’m currently stuck.
>>>
>>> I couldn’t find any good resources about the subject and the explanation in the dnsjava documentation wasn’t adequate.
>>>
>>> Any help would be appreciated; I need to resolve this problem as quickly as possible.
>>
>> If you want to write a DNSSEC-compliant name server, there is no resource better than the DNSSEC RFCs. There are a whole lot of them, but the important ones are probably 4034 and 4035.
>>
>> You're not going to find much in the dnsjava documentation, as dnsjava doesn't include a DNSSEC-compliant name server. I think the library is complete enough that one could be written, but it definitely would not be trivial, and would likely take a considerable amount of time.
>
> Thank you for the fast reply.
>
> The javadns documentation for version 2.1.0 contains additional methods not mentioned in the online documentation such as the DNSSEC.sign() method which returns a RRSIGRecord, could you please clarify this, what's the state of the implementation? Can it be used or modified?

The online documentation was outdated; I just updated it to point at the current release.

The implementation is complete (to the best of my knowledge), but as David said, the implementation only contains the low-level routines needed to build an authoritative server with DNSSEC support.

Brian
From: mod63 <mod...@gm...> - 2010-11-24 12:37:41
Brian Wellington wrote:

> On Nov 23, 2010, at 1:50 AM, mod63 wrote:
>
>> Brian Wellington wrote:
>>>
>>> On Nov 22, 2010, at 5:04 AM, mod63 wrote:
>>>
>>>> Hi there,
>>>>
>>>> I’m currently working on a project that requires DNSSEC, the current situation is basically that I get a request from a client and based on that I generate a response i.e. Message object and send it off to the client, very basic stuff, the problem is I need to add DNSSEC to that, and that’s where I’m currently stuck.
>>>>
>>>> I couldn’t find any good resources about the subject and the explanation in the dnsjava documentation wasn’t adequate.
>>>>
>>>> Any help would be appreciated; I need to resolve this problem as quickly as possible.
>>>
>>> If you want to write a DNSSEC-compliant name server, there is no resource better than the DNSSEC RFCs. There are a whole lot of them, but the important ones are probably 4034 and 4035.
>>>
>>> You're not going to find much in the dnsjava documentation, as dnsjava doesn't include a DNSSEC-compliant name server. I think the library is complete enough that one could be written, but it definitely would not be trivial, and would likely take a considerable amount of time.
>>
>> Thank you for the fast reply.
>>
>> The javadns documentation for version 2.1.0 contains additional methods not mentioned in the online documentation such as the DNSSEC.sign() method which returns a RRSIGRecord, could you please clarify this, what's the state of the implementation? Can it be used or modified?
>
> The online documentation was outdated; I just updated it to point at the current release.
>
> The implementation is complete (to the best of my knowledge), but as David said, the implementation only contains the low-level routines needed to build an authoritative server with DNSSEC support.
>
> Brian

I got a little bit confused by your responses so here's what we’ve done so far.

We have a Message object which is the response we are sending back to the client; we need to add DNSSEC to it.

DNSSEC

1) Initialize all the values needed to create a RRSIGRecord (name, algorithm, ttl, etc).

3) Read a private key from a file and generate PrivateKey object

4) Read a public key from a file and generate PublicKey object

4) Create a DNSKEYRecord object using the public key.

5) Create RRset object from the response Record used for signing.

6) Generate the response RRSIGRecord using the DNSSEC.sign() method which takes all the objects created in previous steps.

ADDING DNSSEC TO THE RESPONSE

1) Create a Record containing all the modified information that is needed by the client.

2) Add the Record from the previous step into the message's ANSWER section.

3) Add the RRSIGRecord into the message's ANSWER section.

4) Send it to the client.
From: Brian W. <bwe...@xb...> - 2010-11-24 19:01:28
On Nov 24, 2010, at 4:37 AM, mod63 wrote:

> Brian Wellington wrote:
>>
>> On Nov 23, 2010, at 1:50 AM, mod63 wrote:
>>
>>> Brian Wellington wrote:
>>>>
>>>> On Nov 22, 2010, at 5:04 AM, mod63 wrote:
>>>>
>>>>> Hi there,
>>>>>
>>>>> I’m currently working on a project that requires DNSSEC, the current situation is basically that I get a request from a client and based on that I generate a response i.e. Message object and send it off to the client, very basic stuff, the problem is I need to add DNSSEC to that, and that’s where I’m currently stuck.
>>>>>
>>>>> I couldn’t find any good resources about the subject and the explanation in the dnsjava documentation wasn’t adequate.
>>>>>
>>>>> Any help would be appreciated; I need to resolve this problem as quickly as possible.
>>>>
>>>> If you want to write a DNSSEC-compliant name server, there is no resource better than the DNSSEC RFCs. There are a whole lot of them, but the important ones are probably 4034 and 4035.
>>>>
>>>> You're not going to find much in the dnsjava documentation, as dnsjava doesn't include a DNSSEC-compliant name server. I think the library is complete enough that one could be written, but it definitely would not be trivial, and would likely take a considerable amount of time.
>>>
>>> Thank you for the fast reply.
>>>
>>> The javadns documentation for version 2.1.0 contains additional methods not mentioned in the online documentation such as the DNSSEC.sign() method which returns a RRSIGRecord, could you please clarify this, what's the state of the implementation? Can it be used or modified?
>>
>> The online documentation was outdated; I just updated it to point at the current release.
>>
>> The implementation is complete (to the best of my knowledge), but as David said, the implementation only contains the low-level routines needed to build an authoritative server with DNSSEC support.
>>
>> Brian
>
> I got a little bit confused by your responses so here's what we’ve done so far.
>
> We have a Message object which is the response we are sending back to the client; we need to add DNSSEC to it.
>
> DNSSEC
>
> 1) Initialize all the values needed to create a RRSIGRecord (name, algorithm, ttl, etc).
>
> 3) Read a private key from a file and generate PrivateKey object
>
> 4) Read a public key from a file and generate PublicKey object
>
> 4) Create a DNSKEYRecord object using the public key.
>
> 5) Create RRset object from the response Record used for signing.
>
> 6) Generate the response RRSIGRecord using the DNSSEC.sign() method which takes all the objects created in previous steps.
>
> ADDING DNSSEC TO THE RESPONSE
>
> 1) Create a Record containing all the modified information that is needed by the client.
>
> 2) Add the Record from the previous step into the message's ANSWER section.
>
> 3) Add the RRSIGRecord into the message's ANSWER section.
>
> 4) Send it to the client.

I believe this will work, but only in a very limited situation where all queries have a simple, positive answer and performance is not an issue.

Brian
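
The signing procedure discussed in this thread, as an added Java example that is not part of any poster's message and is not dnsjava's own code. It assumes the dnsjava 2.1.x API (signing times as `java.util.Date`), generates a throwaway RSA key in-process instead of reading key files, and uses constructed `example.com` names and a documentation-range address.

```java
import java.net.InetAddress;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Date;
import org.xbill.DNS.*;
import org.xbill.DNS.Record; // explicit import avoids the clash with java.lang.Record on newer JDKs
// Added example; assumes the dnsjava 2.1.x API. Names, address and key are constructed.
public class SignedAnswerSketch {
    public static void main(String[] args) throws Exception {
        // Throwaway zone-signing key (the thread loads its keys from files instead).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair zsk = gen.generateKeyPair();
        Name zone = Name.fromString("example.com.");
        Name owner = Name.fromString("www.example.com.");
        long ttl = 300;
        DNSKEYRecord dnskey = new DNSKEYRecord(zone, DClass.IN, ttl,
                DNSKEYRecord.Flags.ZONE_KEY, DNSKEYRecord.Protocol.DNSSEC,
                DNSSEC.Algorithm.RSASHA256, zsk.getPublic());

        // The RRset must hold every record of this owner/type/class: the signature covers the set.
        Record a = new ARecord(owner, DClass.IN, ttl, InetAddress.getByName("192.0.2.10"));
        RRset answer = new RRset(a);

        // Backdate inception to tolerate clock skew; keep the validity window bounded.
        long now = System.currentTimeMillis();
        Date inception = new Date(now - 3600_000L);
        Date expiration = new Date(now + 7L * 24 * 3600_000L);
        RRSIGRecord rrsig = DNSSEC.sign(answer, dnskey, zsk.getPrivate(), inception, expiration);
        DNSSEC.verify(answer, rrsig, dnskey); // throws DNSSEC.DNSSECException if the signature is bad

        // Constructed query with EDNS0 and the DO bit set, standing in for the client's request.
        Message query = Message.newQuery(Record.newRecord(owner, Type.A, DClass.IN));
        query.addRecord(new OPTRecord(4096, 0, 0, ExtendedFlags.DO), Section.ADDITIONAL);
        Message response = new Message(query.getHeader().getID());
        response.getHeader().setFlag(Flags.QR);
        response.getHeader().setFlag(Flags.AA);
        response.addRecord(query.getQuestion(), Section.QUESTION);
        response.addRecord(a, Section.ANSWER);

        // RFC 4035: return RRSIGs only when the query carried the DO bit.
        OPTRecord opt = query.getOPT();
        if (opt != null && (opt.getFlags() & ExtendedFlags.DO) != 0) {
            response.addRecord(rrsig, Section.ANSWER);
        }
        // Not covered: NXDOMAIN/NODATA answers, which need signed NSEC or NSEC3 records.
        System.out.println(response);
    }
}
```

Signing on every request, as done here, is the performance cost raised in the last reply; a server would normally sign each RRset once and reuse the RRSIG until it nears expiration.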