Since its release at the start of the year, hsm-tools has been updated with new features and bug fixes. The changes are listed below:

  • The project was renamed to dns-tools: The main focus of the tool was changed from just DNS signing to a broader set of DNS-related processes. To highlight the new approach, the project was renamed to dns-tools.

  • Signing with PKCS#8 keys: The tool can now sign a zone using PKCS#8-encoded keys as ZSK and KSK. More information about this mode can be found in the project README.

  • ZONEMD calculation and verification were added: The specification of the RFC draft defining the ZONEMD RR was implemented in the tool. This allows the integrity of the zone to be verified using a cryptographic digest. The implementation in dns-tools is highlighted in the current draft. It is important to note that zones generated with the ZONEMD RR will only work with updated DNS server software.

  • New signing-related features for automating the signing process were added: New flags were added to allow the signing process to be automated. The signature expiration date is now configurable relative to the date of signing, and a new “lazy” flag was implemented to avoid signing zones that are still valid at the time of re-signing. More information can be found in the project README.

  • Documentation for automatic zone signing was added: Documentation about automating the signing process was added, using only the flags provided by the tool and a cron-like system tool. It can be found here.

  • Bugs were fixed in dns-tools, dtc and dtcnode: A bug involving the use of softhsm with dns-tools was fixed. Some implementation-related bugs were also fixed in the dtc and dtcnode libraries.
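
The idea behind the relative expiration date and the “lazy” re-signing described in the list above, as an added Python example; it is not dns-tools code and does not reflect the tool's flags or internals. It assumes single-line RRSIG records with 14-digit YYYYMMDDHHmmSS timestamps; the function names, the `margin` parameter and the sample zone are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample zone: one SOA and three RRSIGs in presentation format (RFC 4034).
SAMPLE_ZONE = """\
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 2024010101 7200 3600 1209600 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 20240301000000 20240101000000 12345 example.com. c2ln
example.com. 3600 IN RRSIG NS 8 2 3600 20240215000000 20240101000000 12345 example.com. c2ln
example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20240301000000 20240101000000 54321 example.com. c2ln
"""

# RRSIG rdata order: type-covered alg labels orig-ttl expiration inception keytag signer sig
RRSIG_RE = re.compile(r"\sRRSIG\s+(\S+)\s+\d+\s+\d+\s+\d+\s+(\d{14})\s+(\d{14})\s")

def parse_ts(stamp):
    """Parse an RRSIG YYYYMMDDHHmmSS timestamp as UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def rrsig_windows(zone_text):
    """Yield (type_covered, inception, expiration) for each single-line RRSIG."""
    for line in zone_text.splitlines():
        match = RRSIG_RE.search(line.split(";", 1)[0])  # drop trailing comments
        if match:
            yield match.group(1), parse_ts(match.group(3)), parse_ts(match.group(2))

def needs_resign(zone_text, now, margin=timedelta(0)):
    """True if the zone is unsigned, or any signature is not yet valid at `now`
    or would no longer be valid at `now + margin`."""
    windows = list(rrsig_windows(zone_text))
    if not windows:
        return True  # nothing signed yet: a lazy run must still sign
    return any(not (inc <= now and now + margin < exp) for _, inc, exp in windows)

def relative_expiration(signing_time, lifetime):
    """Expiration timestamp computed relative to the signing time."""
    return (signing_time + lifetime).strftime("%Y%m%d%H%M%S")

if __name__ == "__main__":
    now = datetime(2024, 2, 1, tzinfo=timezone.utc)
    print("re-sign needed:", needs_resign(SAMPLE_ZONE, now, timedelta(days=7)))
    print("new expiration:", relative_expiration(now, timedelta(days=30)))
```

Choosing a margin longer than the interval between scheduled runs keeps a skipped run from leaving the zone with signatures that expire before the next one.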

For more information, you can check the dns-tools repository.