OpenDNSSEC is a computer program that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures DNS zone data just before it is published in an authoritative name server. OpenDNSSEC takes in unsigned zones, adds digital signatures and other records for DNSSEC, and passes them on to the authoritative name servers for that zone. All keys are stored in a hardware security module and accessed via PKCS #11, a standard software interface for communicating with devices which hold cryptographic information and perform cryptographic functions. OpenDNSSEC can be paired with SoftHSM, which provides a software emulation of a hardware security module.
OpenDNSSEC runs two dedicated daemons: ods-enforcerd, the enforcer engine daemon, which enforces the KASP (Key and Signing Policy), and ods-signerd, which carries out the actual signing of the zone. A DNS zone will fail to be signed if either process fails.
The ods-enforcer client program may be used to interact with the enforcer engine and can initiate actions such as a manual key rollover.
OpenDNSSEC uses the Botan cryptographic library, and SQLite or MySQL as its database back-end. It is used on the .fr, .se, .dk, .nl, .nz and .uk top-level domains.