The goal of the DNSSEC-Tools project is to create a set of tools,
patches, applications, wrappers, extensions, and plugins that will
help ease the deployment of DNSSEC-related technologies.
blinkenlights blinkenlights is a GUI tool for use with monitoring and controlling the DNSSEC-Tools rollerd program. It displays information on the current state of the zones... bubbles bubbles gives a simple display of the roll status of a set of zones listed in a rollrec file. In contrast, blinkenlights gives a detailed display of the roll... buildrealms buildrealms helps in setting up a realms environment for use by dtrealms. buildrealms creates the required file hierarchies for each realm, it moves a realm's... check-zone-expiration The check-zone-exiration script reports how long until a zone will expire by querying for the zone's (top level) RRSIG and calculating how much time is left... cleanarch cleanarch deletes old keys from a DNSSEC-Tools key archive. Key "age" and archives are determined by options and arguments. Command line options and arguments... cleankrf cleankrf cleans old data out of a set of DNSSEC-Tools keyrec files. The old data are obsolete signing sets, orphaned keys, and obsolete keys. Obsolete signing... convertar convertar operates on input and output files of different Trust Anchor Repository (TAR) formats. convertar decides what type of file format is being referred to... dnspktflow The dnspktflow application takes a tcpdump network traffic dump file, passes it through the tshark application and then displays the resulting DNS packet flows... dnssec-tools The DNSSEC-Tools package contains a wide variety of tools that are helpful to zone operators, resolver operators, network operators, application developers and... donuts donuts is a DNS lint application that examines DNS zone files looking for particular problems. This is especially important for zones making use of DNSSEC... donutsd donutsd runs donuts on a set of zone files every so often (the frequency is specified by the -z flag which defaults to 24 hours) and watches for changes in the... drawvalmap drawvalmap is a simple utility that can be used to display the validator status values in a graphical format. The input to this script is a set of log messages... dtck dtck checks DNSSEC-Tools data files to determine if the entries are valid. dtck checks the validity of DNSSEC-Tools configuration files, rollrec files, and... dtconf dtconf displays the key/value pairs of a DNSSEC-Tools configuration file. If a configuration file isn't specified, the system configuration file will be... dtconfchk dtconfchk checks a DNSSEC-Tools configuration file to determine if the entries are valid. If a configuration file isn't specified, the system configuration file... dtdefs The dtdefs program displays defaults defined for DNSSEC-Tools. dt-getaddr This utility is a command-line wrapper around the val_getaddrinfo() function. It invokes the val_getaddrinfo() operation for the given command-line arguments... dt-gethost This utility is a command-line wrapper around the val_gethostbyname() (and related) functions. It invokes the val_gethostbyname(), val_gethostbyname_r() and... dt-getname This utility is a command-line wrapper around the val_getnameinfo() function. It invokes the val_getnameinfo() function with the given command-line arguments... dt-getquery This utility is a command-line wrapper around the val_res_query() function. It invokes the val_res_query() function with the given command-line arguments and... dt-getrrset This utility is a command-line wrapper around the val_get_rrset() function. It invokes the val_get_rrset() function with the given command-line arguments and... dtinitconf The dtinitconf program initializes the DNSSEC-Tools configuration file. By default, the actual configuration file will be created, though the created file can... dt-libval_check_conf This program checks a given validator configuration file for any syntax errors. If no file is specified as a command line option, the default dnsval.conf file... dtrealms dtrealms manages multiple distinct DNSSEC-Tools rollover environments running simultaneously. Each rollover environment, called a realm, is defined in a realms... dt-validate dt-validate is a diagnostic tool built on top of the DNSSEC validator. It takes DOMAIN_NAME as an argument and queries the DNS for that domain name. It outputs... expchk expchk checks a set of keyrec files to determine if the zone keyrecs are valid or expired. The type of zones displayed depends on the options chosen; if no... fixkrf fixkrf checks a specified keyrec file to ensure that the referenced encryption key files exist where listed. If a key is not where the keyrec specifies it... genkrf genkrf generates a keyrec file from KSK and/or ZSK files. It generates new KSK and ZSK keys if needed. The name of the keyrec file to be generated is given by... getdnskeys getdnskeys manages lists of DNSKEYs from DNS zones. It may be used to retrieve and compare DNSKEYs. The output from getdnskeys may be included (directly or... getds getds will create a DS record from DNSKEYs for the specified DNS domain. It does this by converting DNSKEYs to DS records using the specified hashing algorithm... grandvizier THIS NEEDS MAJOR EDITTING!!! Warning: This is an early prototype. Consider it to be beta quality, if not alpha. grandvizier is a GUI tool for use with... keyarch The keyarch program archives old KSK and ZSK keys. Keys are considered old if they are revoked or obsolete. Keys marked as either kskrev or zskrev are revoked... keymod keymod modifies the key parameters in a keyrec file that are used to generate cryptographics keys used to sign zones. The new parameters will be used by... krfcheck This script checks a keyrec file for problems, potential problems, and inconsistencies. lights lights gives a very simple overview of the rollover status of a set of zones. The rollover status counts are given in a "traffic light" display. In contrast... lsdnssec The lsdnssec program summarizes information about DNSSEC-related files. These files may be specified on the command line or found in directories that were given... lskrf lskrf lists the contents of the specified keyrec files. All keyrec files are loaded before the output is displayed. If any keyrecs have duplicated names... lsrealm This script lists the contents of the specified realm files. All realm files are loaded before the output is displayed. If any realms have duplicated names... lsroll This script lists the contents of the specified rollrec files. All rollrec files are loaded before the output is displayed. If any rollrecs have duplicated... maketestzone The generaterecords script generates a zone file, given a domain name, which is then signed and modified to invalidate portions of the data in particular ways... mapper This application creates a graphical map of one or more zone files. The output gives a graphical representation of a DNS zone or zones. The output is written in... realmchk realmchk checks the validity of a set of DNSSEC-Tools realms file. The results can be given in a summary or verbose form, or without any results printed at all... realmctl The realmctl command sends commands to dtrealms, the DNSSEC-Tools realms daemon. In most cases, dtrealms will send a response to realmctl. realmctl will print a... realminit realminit creates new realm entries for a realms file. dtrealms manages multiple distinct DNSSEC-Tools rollover environments running simultaneously. Each... realmset realmset modifies fields in the realm file specified by realm-file. Multiple options may be combined in a single realmset execution. realmset operates quietly... rollchk This script checks the rollrec file specified by rollrec-file for problems and inconsistencies. rollctl The rollctl command sends commands to the DNSSEC-Tools rollover daemon, rollerd. Only one option may be specified on a command line. In most cases, rollerd will... rollerd The rollerd daemon manages key rollover for zones. rollerd is just a scheduler for zone rollover; it uses zonesigner to perform the actual key generation, zone... rollinit rollinit creates new rollrec entries for a rollrec file. This rollrec file will be used by rollerd to manage key rollover for the named zones. The newly... rolllog The rolllog program writes log messages to the DNSSEC rollover log file. rolllog does not actually write the messages itself; rather, it sends them to the... rollrec-editor rollrec-editor provides the capability for easy GUI-based management of rollrec files. A rollrec file contains one or more rollrec records. These records are... rollset rollset modifies fields in the rollrec file specified by rollrec-file. Multiple options may be combined in a single rollset execution. rollset operates quietly... signset-editor signset-editor provides the capability for easy management of signing sets in a GUI. A signing set contains zero or more names of key keyrecs. These sets are... tachk tachk checks the validity of the trust anchors in the specified named.conf file. The output given depends on the options selected. Note: This script may be... timetrans timetrans converts time from one type of unit to another. If any of the units options are specified, then timetrans will convert those time units into the... trustman trustman manages keys used by DNSSEC as trust anchors in compliance with RFC5011. It may be used as a daemon for ongoing key verification or manually for... zonesigner This script combines into a single command many actions that are required to sign a DNS zone. It generates the required KSK and ZSK keys, adds the key data to a...