diff options
Diffstat (limited to 'contrib/bind/doc/secure/readme.txt')
-rw-r--r-- | contrib/bind/doc/secure/readme.txt | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/contrib/bind/doc/secure/readme.txt b/contrib/bind/doc/secure/readme.txt new file mode 100644 index 0000000..d7b422a --- /dev/null +++ b/contrib/bind/doc/secure/readme.txt @@ -0,0 +1,93 @@ + + Secure DNS (TIS/DNSSEC) + September 1996 + +Copyright (C) 1995,1996 Trusted Information Systems, Incorporated + +Trusted Information Systems, Inc. has received approval from the +United States Government for export and reexport of TIS/DNSSEC +software from the United States of America under the provisions of +the Export Administration Regulations (EAR) General Software Note +(GSN) license exception for mass market software. Under the +provisions of this license, this software may be exported or +reexported to all destinations except for the embargoed countries of +Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. Any export +or reexport of TIS/DNSSEC software to the embargoed countries +requires additional, specific licensing approval from the United +States Government. + +Trusted Information Systems, Inc., is pleased to +provide a reference implementation of the secure Domain Name System +(TIS/DNSSEC). In order to foster acceptance of secure DNS and provide +the community with a usable, working version of this technology, +TIS/DNSSEC is being made available for broad use on the following basis. + +- Trusted Information Systems makes no representation about the + suitability of this software for any purpose. It is provided "as is" + without express or implied warranty. + +- TIS/DNSSEC is distributed in source code form, with all modules written + in the C programming language. It runs on many UNIX derived platforms + and is integrated with the Bind implementation of the DNS protocol. + +- This beta version of TIS/DNSSEC may be used, copied, and modified for + testing and evaluation purposes without fee during the beta test + period, provided that this notice appears in supporting documentation + and is retained in all software modules in which it appears. Any other + use requires specific, written prior permission from Trusted Information + Systems. + +TIS maintains the email distribution list dns-security@tis.com for +discussion of secure DNS. To join, send email to + dns-security-request@tis.com. + +TIS/DNSSEC technical questions and bug reports should be addressed to + dns-security@tis.com. + +To reach the maintainers of TIS/DNSSEC send mail to + tisdnssec-support@tis.com + +TIS/DNSSEC is a product of Trusted Information Systems, Inc. + +This is an beta version of Bind with secure DNS extensions it uses +RSAREF which you must obtain separately. + +Implemented and tested in this version: + Portable key storage format. + Improved authentication API + Support for using different authentication packages. + All Security RRs including KEY SIG, NXT, and support for wild cards + tool for generating KEYs + tool for signing RRs in boot files + verification of RRs on load + verification of RRs over the wire + transmission of SIG RRs + returns NXT when name and/or type does not exist + storage of NXT, KEY, and SIG RRs with CNAME RR + AD/ID bits added to header and setting of these bits + key storage and retrieval + dig and nslookup can display new header bits and RRs + AXFR signature RR + keyfile directive + $SIGNER directive (to turn on and off signing) + adding KEY to answers with NS or SOA + SOA sequence numbers are now set each time zone is signed + SIG AXFR ignores label count of names + generation and inclusion of .PARENT files + Returns only one NXT at delegation points unless two are required + Expired SIG records are now returned in response to query + +Implemented but not fully tested: + +Known bugs: + +Not implemented: + ROUND_ROBIN behaviour + zone transfer in SIG(AXFR) sort order. + transaction SIGs + verification in resolver. (stub resolvers must trust local servers + resolver library is to low level to implement security) + knowing when to trust the AD bit in responses + +Read files INSTALL_SEC and USAGE_SEC for installation and user +instructions, respectively. |