OpenDNSSEC

In today's world, OpenDNSSEC has gained unusual relevance in society. Whether due to its impact on the economy, its influence on popular culture or its importance in the scientific field, OpenDNSSEC has proven to be a topic of interest for people of all ages and backgrounds. Throughout history, OpenDNSSEC has played a crucial role in the evolution of humanity, marking significant milestones that have shaped the course of civilization. In this article, we will explore the various facets of OpenDNSSEC and its impact in different areas, analyzing its relevance in the current context and projecting its influence in the future.

OpenDNSSEC
Initial releaseJuly 30, 2009 (2009-07-30)[1]
Stable release
2.1.13 / June 26, 2023 (2023-06-26)[2]
Repository
Written inC, C++
Operating systemLinux, FreeBSD, NetBSD, Mac OS X, Solaris
TypeDNSSEC
LicenseBSD
Websitewww.opendnssec.org
SoftHSM
Stable release
2.6.1 / April 29, 2020 (2020-04-29)[3]
Repositorygithub.com/opendnssec/SoftHSMv2
Written inC++
Operating systemLinux, FreeBSD, NetBSD, Mac OS X
LicenseBSD
Websitewww.opendnssec.org

OpenDNSSEC is a computer program that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures DNS zone data just before it is published in an authoritative name server. OpenDNSSEC takes in unsigned zones, adds digital signatures and other records for DNSSEC and passes it on to the authoritative name servers for that zone. All keys are stored in a hardware security module and accessed via PKCS #11, a standard software interface for communicating with devices which hold cryptographic information and perform cryptographic functions. OpenDNSSEC can be paired with SoftHSM which provides a Software emulation of a hardware security module.[4]

OpenDNSSEC runs two dedicated daemons these are ods-enforcerd which acts as a enforcer Engine Daemon with the role of enforcing the KASP (Key and Signing Policy), and the ods-signerd which carries out actual signing of the zone. A DNS zone will failed to be signed if either process fail.

The ods-enforcer client program may be used to interact with the enforcer Engine and can be used to initiate such actions as a key rollover manually.

OpenDNSSEC uses the Botan cryptographic library, and SQLite or MySQL as database back-end. It is used on the .fr,[5].se, .dk, .nl,[6] .nz[7] and .uk top-level domains.[8]

See also

References

  1. ^ "NEWS". OpenDNSSEC. 1.0.0. 9 February 2010. Retrieved 18 June 2022 – via GitHub.
  2. ^ "OpenDNSSEC 2.1.13".
  3. ^ "SoftHSM 2.6.1".
  4. ^ "OpenDNSSEC » SoftHSM". OpenDNSSEC.org. Retrieved 29 January 2024.
  5. ^ Levigneron, Vincent. "DNSSEC: change of algorithm for the .fr zone". Afnic. Retrieved 30 January 2024.
  6. ^ Ubbink, Stefan. "New DNSSEC algorithm for .nl". www.sidn.nl. Retrieved 10 February 2024.
  7. ^ "DNSSEC chain validation issue: technical incident report". InternetNZ. Retrieved 24 April 2024.
  8. ^ "OpenDNSSEC". Retrieved 17 September 2014.


Stub icon

This computer-programming-related article is a stub. You can help Wikipedia by expanding it.