OpenDNSSEC is a policy-based zone signer that automates the process of keeping track of DNSSEC keys and the signing of zones. The goal of the project is to make DNSSEC easy to deploy. The project is Open Source and intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
Archiv: OpenDNSSEC (program)
About: OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures zone data just before it is published in an authoritative name server.
Why DNSSEC?
Many internet protocol hinge on DNS, but the data in DNS caches has become so vulnerable to attack that it cannot be relied upon anymore. The added authenticity in DNSSEC makes sure that such attacks have no effect.
That is, if
– Zones are verified. Easy-to-deploy software for DNSSEC-aware name resolving (and caching) exists, for example Unbound or properly configured Bind9.
– Zones are secured. Easy-to-deploy solutions for DNSSEC did not yet exist, at least not in open source. Hence the OpenDNSSEC project.
More on the problems with DNS and about deploying DNSSEC can be found in this white paper.