A free software tool is available that lets users conveniently manage keys and signatures for their DNSSEC zones.
The Zone Key Tool comprises two commands, dnssec-zkt and dnssec-signer. The dnssec-zkt command creates and lists DNSSEC zone keys, while the dnssec-signer command signs a zone and manages the lifetime of the zone signing keys. Both are simple wrappers around the dnssec-signzone(8) and dnssec-keygen(8) commands provided by BIND 9.3/9.4/9.5.
This toolkit is designed specifically for administrators who need to maintain a few DNSSEC-aware zones but find it challenging to do so with the regular tools. Note, however, that the dnssec-zkt command is not primarily designed for environments with many secure zones.
The Zone Key Tool has been extensively tested on a two-level directory structure containing approximately 12,000 zones, which has proven to be a working scenario. Administrators can therefore confidently use this toolkit to manage their DNSSEC zones and keys without worrying about losing data or experiencing any setbacks.
Version 0.99c: N/A