Yet another blog about getting rich (while doing GSoC 2015)

Status Update - Can you see DNSSEC?

July 02, 2015 | 1 Minute Read

It’s again time for a status update, else I got the feeling I will be beaten up and thrown away (or something alike).

What happened?

minidns-dnssec advanced a lot.

  • Finally I added support of verifying DNS records. This means you can new verify that a record you received is properly signed by the zone owner, as long as he as verified ownership to the parent domain zone.
  • Support for negative result verification (NSEC) was added as well. This feature is used to verify that a record does not exist. However most DNS servers implement the successor of NSEC, NSEC3, which is not part of this implementation.
  • Obviously fixed a few bugs here and there.

What will happen?

The core is done, now we need a huge framework around it: NSEC3, API stabilization and a lot of tests are still missing to make this project a success.

And finally adding minidns-dnssec into applications is also an important part of the project. We want all this hard work to run in the applications you use everyday, don’t we?