dsboot


- Name: dsboot
- Version: 1.0.1
- Home page: https://github.com/desec-io/dsboot
- Summary: Generate signaling records for Authenticated DNSSEC Bootstrapping (RFC 9615).
- Upload time: 2024-07-26 00:11:17
- Author: Peter Thomassen
- Requirements: none recorded

# DNSSEC Bootstrapping Record Generator

This utility generates signaling zones for authenticated DNSSEC bootstrapping ([RFC 9615](https://www.rfc-editor.org/rfc/rfc9615.html)).

Before publishing these zones, child zone operators need to run them through their signing pipeline, as usual. (The tool is meant for environments where the nameserver cannot synthesize these records on the fly. Examples include BIND, NSD, and other pre-signed setups.)


## Installation

This package can be installed using [`pip`](https://pypi.org/project/pip/), preferably into its own [`virtualenv`](https://docs.python.org/3/tutorial/venv.html).

    $ python3 -m venv venv
    $ source venv/bin/activate
    (venv)$ pip install dsboot
    (venv)$ dsboot_generate --help


## Usage

    $ dsboot_generate --help
    usage: dsboot_generate [-h] [-r] [-w] [-v] [nameserver ...]

    Generate signaling records for Authenticated DNSSEC Bootstrapping from existing zones.

    positional arguments:
      nameserver         nameserver for which to generate signaling records

    options:
      -h, --help         show this help message and exit
      -r, --read-files   read signaling zone files for update
      -w, --write-files  write signaling zone files, create if needed
      -v, --verbose      logging verbosity (default: 0)

### Input

Input is read from standard input, expecting CDS and/or CDNSKEY records for one or more domains, in the usual zone file format.

During one run, records for multiple domains are accepted. Domain names are extracted from the owner name of each CDS/CDNSKEY record.
  
In addition, NS records need to be provided for each domain. As a fallback, an NS record set with the root owner name (`.`) can be included. All subsequent domain names that do not have their own NS record set will be associated with this fallback NS record set.

Alternatively, one or more nameserver hostnames may be provided as arguments to the tool itself. In this case, NS records from standard input are ignored, and all domain names are associated with the explicitly provided nameservers.

Input records of types other than CDS, CDNSKEY and NS are ignored. The simplest way to generate all signaling records is therefore to dump all zones into the tool.

### Output

For each nameserver encountered, the tool outputs a signaling zone (`_signal.$NS`) containing the bootstrapping records for the domains associated with it. (An SOA record has to be added manually.)

By default, signaling zones are written to standard output, separated by a double newline (`\n\n`).
  
### Flags

When the `-w` flag is specified, each signaling zone is written to a separate file (`_signal.$NS.zone`) in the current working directory.

When the `-r` flag is specified, signaling zone files are read from disk and used as a starting point when generating signaling records, adding or replacing record sets as appropriate. Other record sets found remain unchanged, but may be reformatted or reordered. (As a consequence, there is currently no way to indicate removal of bootstrapping records for a domain.)

The `-r` and `-w` flags operate independently, that is, specifying `-r` without `-w` will not overwrite any files.

## Example

    (venv)$ dsboot_generate <<EOF
    > $ORIGIN .
    > test.example  3600  IN  CDS      17514 13 2 ba591a0751ce5e6f824398303d57fa766cb4d85db600c3da471edfd8330187f7
    > test.example  3600  IN  CDNSKEY  257 3 13 7BOWDw313HbPVNdqIaWUwBaLDQydSOE2BRqN6idpUr5ZJivYrzCmV+sSl1mR6Ioir7rqOyDm7Ns+6pr02ZvJjA==
    > test.example  3600  IN  NS       ns2.example.
    > test.example  3600  IN  NS       ns1.example.
    > EOF
    $ORIGIN _signal.ns1.example.
    @ 3600 IN NS ns1.example.
    _dsboot.test.example 3600 IN CDS 17514 13 2 ba591a0751ce5e6f824398303d57fa766cb4d85db600c3da471edfd8330187f7
    _dsboot.test.example 3600 IN CDNSKEY 257 3 13 7BOWDw313HbPVNdqIaWUwBaLDQydSOE2 BRqN6idpUr5ZJivYrzCmV+sSl1mR6Ioi r7rqOyDm7Ns+6pr02ZvJjA==
    
    $ORIGIN _signal.ns2.example.
    @ 3600 IN NS ns2.example.
    _dsboot.test.example 3600 IN CDS 17514 13 2 ba591a0751ce5e6f824398303d57fa766cb4d85db600c3da471edfd8330187f7
    _dsboot.test.example 3600 IN CDNSKEY 257 3 13 7BOWDw313HbPVNdqIaWUwBaLDQydSOE2 BRqN6idpUr5ZJivYrzCmV+sSl1mR6Ioi r7rqOyDm7Ns+6pr02ZvJjA==
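
A check to run before signing and publishing, added here as an example and not part of dsboot: it recomputes the `_dsboot.<domain>._signal.<nameserver>` owner names from the child records and reports every CDS/CDNSKEY record that the generated signaling zones lack, treating base64 split by spaces as equal to the unsplit form. The function names and the order-insensitive handling of the root (`.`) fallback NS set are assumptions of this example.

```python
# Added example, not dsboot's code; parses only the one-record-per-line syntax shown here.
TYPES = ("CDS", "CDNSKEY", "NS")
def absolute(name, origin):
    """Expand '@' or a relative name against the current $ORIGIN."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse(text):
    """Return {(owner, type, rdata)}: absolute names, key material unsplit."""
    origin, records = ".", set()
    for line in text.splitlines():
        f = line.split(";")[0].split()
        if len(f) > 1 and f[0].upper() == "$ORIGIN":
            origin = absolute(f[1], ".")
        pos = next((i for i in (1, 2, 3) if i < len(f) - 1 and f[i].upper() in TYPES), None)
        if pos is None:
            continue
        rtype, rd = f[pos].upper(), f[pos + 1:]
        if rtype == "NS":
            rdata = absolute(rd[0], origin)
        else:  # three numeric fields, then hex/base64 that may contain spaces
            rdata = " ".join(rd[:3] + ["".join(rd[3:])])
        records.add((absolute(f[0], origin), rtype, rdata))
    return records

def missing_signaling(child_text, signaling_text):
    """Signaling records expected for the child records but not published."""
    child, published = parse(child_text), parse(signaling_text)
    ns = {}
    for owner, rtype, rdata in child:
        if rtype == "NS":
            ns.setdefault(owner, set()).add(rdata)
    return sorted(
        (f"_dsboot.{owner}_signal.{server}", rtype, rdata)
        for owner, rtype, rdata in child if rtype != "NS"
        for server in ns.get(owner) or ns.get(".", ())  # root NS set = fallback
        if (f"_dsboot.{owner}_signal.{server}", rtype, rdata) not in published)

# Records copied from this page's example; the ns2 zone is omitted on purpose.
CHILD = """test.example 3600 IN CDS 17514 13 2 ba591a0751ce5e6f824398303d57fa766cb4d85db600c3da471edfd8330187f7
test.example 3600 IN CDNSKEY 257 3 13 7BOWDw313HbPVNdqIaWUwBaLDQydSOE2BRqN6idpUr5ZJivYrzCmV+sSl1mR6Ioir7rqOyDm7Ns+6pr02ZvJjA==
test.example 3600 IN NS ns2.example.
test.example 3600 IN NS ns1.example."""
SIGNAL_NS1 = """$ORIGIN _signal.ns1.example.
@ 3600 IN NS ns1.example.
_dsboot.test.example 3600 IN CDS 17514 13 2 ba591a0751ce5e6f824398303d57fa766cb4d85db600c3da471edfd8330187f7
_dsboot.test.example 3600 IN CDNSKEY 257 3 13 7BOWDw313HbPVNdqIaWUwBaLDQydSOE2 BRqN6idpUr5ZJivYrzCmV+sSl1mR6Ioi r7rqOyDm7Ns+6pr02ZvJjA=="""
```

`missing_signaling(CHILD, SIGNAL_NS1)` returns the two records absent for `ns2.example.`; an empty list means every nameserver's signaling zone carries the same CDS/CDNSKEY data as the child zone.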

---

This work was [funded by NLnet Foundation](https://nlnet.nl/project/AuthenticatedDNSSECbootstrap/) and [supported by SSE](https://securesystems.de/).

            
