Since its publication at the start of the year, hsm-tools
has been updated with new features and bug fixes. The changes are listed below:
- The project was renamed to `dns-tools`: The main focus of the tool changed from DNS signing alone to a broader set of DNS-related processes. To highlight the new approach, the project was renamed to `dns-tools`.
- Signing with PKCS#8 keys: The tool can now sign a zone using PKCS#8-encoded keys as ZSK and KSK. More information about this mode can be found in the project README.
- ZONEMD calculation and verification was added: The tool now implements the RFC draft that defines the ZONEMD RR. This allows the integrity of the zone to be verified using a cryptographic digest. The implementation in `dns-tools` is highlighted in the current draft. It is important to note that zones generated with the ZONEMD RR will only work with updated DNS server software.
- New signing-related features for automating the signing process were added: New flags were added to allow the signing process to be automated. The signature expiration date is now configurable relative to the date of signing, and a new “lazy” flag was implemented to avoid signing zones that are still valid at the time of re-signing. More information can be found in the project README.
- Documentation for automatic zone signing was added: Documentation on automating the signing process was added, using only the flags provided by the tool and a `cron`-like system tool. It can be found here.
- Bugs were fixed in `dns-tools`, `dtc` and `dtcnode`: A bug involving the use of `softhsm` with `dns-tools` was solved. Also, some implementation-related bugs were solved in the `dtc` and `dtcnode` libraries.
For more information, you can check the dns-tools repository.