Menu
▾
▴
Re: DNSSEC
|
From: mod63 <mod...@gm...> - 2010-11-24 12:37:41
|
Brian Wellington wrote: > > On Nov 23, 2010, at 1:50 AM, mod63 wrote: > >> Brian Wellington wrote: >>> >>> >>> On Nov 22, 2010, at 5:04 AM, mod63 wrote: >>> >>>> >>>> Hi there, >>>> >>>> I’m currently working on a project that requires DNSSEC, the current >>>> situation is basically that I get a request from a client and based on >>>> that >>>> I generate a response i.e. Message object and send it of to the client, >>>> very >>>> basic stuff, the problem is I need to add DNSSEC to that, and that’s >>>> where >>>> I’m currently stuck. >>>> >>>> I couldn’t find any good resources about the subject and the >>>> explanation >>>> in >>>> the dnsjava documentation wasn’t adequate >>>> >>>> Any help would be appreciated; I need to resolve this problem as >>>> quickly >>>> as >>>> possible. >>> >>> If you want to write a DNSSEC-compliant name server, there is no >>> resource >>> better than the DNSSEC RFCs. There are a whole lot of them, but the >>> important ones are probably 4034 and 4035. >>> >>> You're not going to find much in the dnsjava documentation, as dnsjava >>> doesn't include a DNSSEC-compliant name server. I think the library is >>> complete enough that one could be written, but it definitely would not >>> be >>> trivial, and would likely take a considerable amount of time. >> >> Thank you for the fast reply. >> >> The javadns documentation for version 2.1.0 contains additional methods >> not >> mentions in the online documentation such as the DNSSEC.sign() method >> which >> returns a RRSIGRecord, could you please clarify this, whats the state of >> the >> implementation?can it be used or modified? > > The online documentation was outdated; I just updated it to point at the > current release. > > The implementation is complete (to the best of my knowledge), but as David > said, the implementation only contains the low-level routines needed to > build an authoritative server with DNSSEC support. > > Brian > ------------------------------------------------------------------------------ > Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! > Tap into the largest installed PC base & get more eyes on your game by > optimizing for Intel(R) Graphics Technology. Get started today with the > Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. > http://p.sf.net/sfu/intelisp-dev2dev > _______________________________________________ > dnsjava-users mailing list > dns...@li... > https://lists.sourceforge.net/lists/listinfo/dnsjava-users > > I got a little bit confused by your responses so hers what we’ve done so far We have a Message object which is the response we are sending back to the client; we need to add DNSSEC to it. DNSSEC 1) Initialize all the values needed to create a RRSIGRecord(name, algorithm, ttl ,etc). 3) Read a private key from a file and generate PrivateKey object 4) Read a public key from a file and generate PublicKey object 4) Create a DNSKEYRecord object using the public key. 5) Create RRset object from the response Record used for signing. 6) Generate the response RRSIGRecord using the DNSSEC.sign() method which takes all the objects created in previous steps. ADDING DNSSEC TO THE RESPONSE 1) Create a Record containing all the modified information that is needed by the client. 2) Add the Record from the previous step into the messages ANSWER section. 3) Add the RRSIGRecord into the messages ANSWER section. 4) Send it to the client. -- View this message in context: http://old.nabble.com/DNSSEC-tp30278312p30296449.html Sent from the dnsjava-users mailing list archive at Nabble.com. |
